pax_global_header00006660000000000000000000000064123041211720014503gustar00rootroot0000000000000052 comment=e654bbc92bd00456c7471eaff20ff1290d56c35d tlsdate-0.0.7/000077500000000000000000000000001230412117200131475ustar00rootroot00000000000000tlsdate-0.0.7/.gitignore000066400000000000000000000007031230412117200151370ustar00rootroot00000000000000*~ *.gz *.o .deps/ .libs/ autom4te.cache/ Makefile Makefile.in aclocal.m4 config.guess config.log config.status config.sub configure depcomp install-sh libtool missing stamp-h1 config/ src/.dirstamp src/compat/.dirstamp src/android/.dirstamp src/configmake.h src/tlsdate-helper.o src/tlsdate-helper src/tlsdate.o src/tlsdate m4 *.swp *.la *.lo src/proxy-bio_unittest src/tlsdate-routeup src/tlsdated src/tlsdated_unittest TAGS tags config.h config.in tlsdate-0.0.7/.travis.yml000066400000000000000000000004611230412117200152610ustar00rootroot00000000000000language: c before_script: ./autogen.sh compiler: - clang - gcc branches: only: - master before_install: - sudo apt-get update -qq - sudo apt-get install -qq autotools-dev dh-apparmor hardening-wrapper libssl-dev autoconf automake pkg-config libtool script: ./configure && make && make test tlsdate-0.0.7/AUTHORS000066400000000000000000000001631230412117200142170ustar00rootroot00000000000000Jacob Appelbaum Christian Grothoff Elly Jones tlsdate-0.0.7/CHANGELOG000066400000000000000000000147551230412117200143750ustar00rootroot000000000000000.0.8 TBD Fix build on FreeBSD 10 and 11. Add FreeBSD 9.2 support for tlsdate and tlsdate-helper. 0.0.7 Sat 2 Nov, 2013 Add tentative -plan9.[ch] versions of tlsdate-helper. Add -x option to tlsdated to override source proxies. Correctly check SANs against target host when using proxies. Fix a race in tlsdate-dbus-announce that can cause signal drops. Support -l argument to tlsdated. Pass -l and -v arguments from tlsdated to tlsdate. Log more verbosely at tlsdated startup. Add FreeBSD support for tlsdate and tlsdate-helper. Add Android build support with Android NDK for tlsdate. Add NetBSD 6.0.1 support for tlsdate and tlsdate-helper. Add OpenBSD 5.2 support for tldate and tlsdate-helper. Add official support for Debian, Ubuntu, CentOS, Fedora, RHEL, OpenSUSE, and Arch GNU/Linux distros. Add Mac OS X 10.8.3 support Extensive setup/install documentation is now present in INSTALL for most OSes Add DragonFly BSD 3.3 support Refactored subprocess watching. Added integration tests. Run with ./run-tests Refactored event loop. Added suspend/resume RTC corruption detection. Add -w option to get time from HTTPS header instead of from TLS ServerHello Update AppArmor profile Add simple systemd service file Extra verbose output available with -vv; useful verbosity is -v 0.0.6 Mon 18 Feb, 2013 Ensure that tlsdate compiles with g++ by explicit casting rather than implicit casting by whatever compiler is compiling tlsdate. Fix a logic bug in CN parsing caught by Ryan Sleevi of the Google Chrome Team Further fixes by Thijs Alkemade Add PolarSSL support (We no longer require OpenSSL to function!) Thanks to Paul Bakker and the PolarSSL team! Experimental Mac OS X (10.8.2) support Thanks to Brian Aker and Ingy döt Net for pair programming time 0.0.5 Web 23 Jan, 2013 Fix spelling error in tlsdate-helper Update man pages formatting Add Seccomp-BPF policies to be used with Minijail Update CA cert file to remove TÜRKTRUST Support both CA certificate files or directories full of CA certs Currently /etc/tlsdate/ca-roots/tlsdate-ca-roots.conf Support announcing time updates over DBus with --enable-dbus This introduces the 'tlsdate-dbus-announce' utility Add support for lcov/gcov at build time See ./configure --enable-code-coverage-checks and make lcov Don't hardfail if DEFAULT_RTC_DEVICE cannot be opened, even if desired Raspberry PI users rejoice (if the fix works) Support -j to add jitter to tlsdated time checks. Exponential backoff when TLS connections fail. Add config file support (have a look at man/tlsdated.conf.5) Support multiple hosts for time fetches Add multiple hosts to your tlsdated.conf file today Add simple AppArmor profile for /usr/bin/tlsdate-dbus-announce Update AppArmor profile for tlsdated 0.0.4 Wed 7 Nov, 2012 Fixup CHANGELOG and properly tag Version Numbers Are Free! Hooray! Update certificate data in ca-roots/ tlsdate will now call tlsdate-helper with an absolute path Pointed out ages ago by 0xabad1dea and others as a better execlp path forward for execution. 0.0.3 Mon 5 Nov, 2012 Add tlsdate-routeup man page Update all man pages to reference other related man pages Fix deb Makefile target Update documentation misc src changes (retab, formatting, includes, etc) Update AppArmor profiles Add HTTP/socks4a/socks5 proxy support and update man page documentation 0.0.2 Mon 29 Oct, 2012 Released at the Metalab in Vienna during their third #CryptoParty Add '-n' and '--dont-set-clock' option to fetch but not set time Add '-V' and '--showtime' option to display remote time Add '-t' and '--timewarp' option If the local clock is before RECENT_COMPILE_DATE; we set the clock to the RECENT_COMPILE_DATE. If the local clock is after RECENT_COMPILE_DATE, we leave the clock alone. Clock setting is performed as the first operation and will impact certificate verification. Specifically, this option is helpful if on first boot, the local system clock is set back to the era of Disco and Terrible Hair. This should ensure that X509_V_ERR_CERT_NOT_YET_VALID or X509_V_ERR_CERT_HAS_EXPIRED are not encountered because of a broken RTC or the lack of a local RTC; we assume that tlsdate is recompiled yearly and that all certificates are otherwise considered valid. Add '-l' and '--leap' Normally, the passing of time or time yet to come ensures that SSL verify functions will fail to validate certificates. Commonly, X509_V_ERR_CERT_NOT_YET_VALID and X509_V_ERR_CERT_HAS_EXPIRED are painfully annoying but still very important error states. When the only issue with the certificates in question is the timing information, this option allows one to trust the remote system's time, as long as it is after RECENT_COMPILE_DATE and before MAX_REASONABLE_TIME. The connection will only be trusted if X509_V_ERR_CERT_NOT_YET_VALID and/or X509_V_OKX509_V_ERR_CERT_HAS_EXPIRED are the only errors encountered. The SSL verify function will not return X509_V_OK if there are any other issues, such as self-signed certificates or if the user pins to a CA that is not used by the remote server. This is useful if your RTC is broken on boot and you are unable to use DNSSEC until you've at least had some kind of leap of cryptographically assured data. Update usage documentation Move {*.c,h} into src/ Move *.1 into man/ Update TODO list to reflect desired changes Update AppArmor profile to restrict {tlsdate,tlsdate-helper,tlsdated,tlsdate-routeup} Update AUTHORS file to include a new email address Update CHANGELOG Added proper date for the 0.0.1 release (Added all of the above items, obviously) Print key bit length and key type information Update Copyright headers to include the Great Christian Grothoff Ensure key bit length and key type values are reasonable Add CommonName and SAN checking Add enumeration and printing of other x.509 extensions in SAN checking Add SAN checking for iPAddress field per RFC2818 Various small bug fixes Fixed various tiny memory leaks Added compat layer library for future multi-platform support by David Goulet Compile output is now largely silent by default Wildcard certificate verification per RFC 2595 Add list of trusted CA certs to /etc/tlsdate/tlsdate-ca-roots.conf Add Makefile target to update trusted CA certs from Mozilla's NSS trust root Add tlsdated daemon Add tlsdated documentation 0.0.1 Fri Jul 13, 2012 First git tagged release tlsdate-0.0.7/HACKING.md000066400000000000000000000053021230412117200145350ustar00rootroot00000000000000Please feel free to contribute patches; here are the basic guidelines to hack along with us! Please work from a git tree by cloning the repo: git clone https://github.com/ioerror/tlsdate.git Please file bugs on the tlsdate issue tracker: https://github.com/ioerror/tlsdate/issues Please use the github pull request feature when possible. The current build status is available as a handy image: [![Build Status](https://secure.travis-ci.org/ioerror/tlsdate.png?branch=master)](http://travis-ci.org/ioerror/tlsdate) Continuous integration is available for a number of platforms: https://jenkins.torproject.org/job/tlsdate-ci-linux/ https://travis-ci.org/ioerror/tlsdate http://build.chromium.org/p/chromiumos/waterfall White Space: Spaces only, no tabs; all tabs must die No stray spaces at the end of lines Generally try not to add excessive empty white space Documentation: Document all functions with doxygen style comments Ensuring Correctness: Test your patches and ensure: No compiler warnings or errors No linker warnings or errors Test your improved copy of tlsdate extensively Security: tlsdate is security sensitive - please consider where you add code and in what context it will run. When possible, run with the least privilege as is possible. Proactively find bugs: Run your copy of tlsdate under valgrind Weird but meaningful conventions are prefered in tlsdate. We prefer attention to detail: if ( NULL == foo (void) ) { bar (void); } Over quick, hard to read and potentilly incorrect: if (foo(void)==NULL)) bar(); Define magic numbers and explain their origin: // As taken from RFC 3.14 #define MAGIC_NUMBER 23 // This goes in foo.h ptr = malloc (MAGIC_NUMBER); Rather than just throwing them about in code: ptr = malloc (23); It is almost always prefered to use dynamically allocated memory: widget_ptr = malloc (WIDGET_SIZE); Try to avoid static allocations like the following: char widget[WIDGET_SIZE]; Try to use unsigned values unless an API requires signed values: uint32_t server_time_s; Please provide relevant CHANGELOG entries for all changes. Please remove items from the TODO file as they are completed. Please provide unittest cases. When submitting patches via email, please use `git format-patch` to format patches: git format-patch 9a61fcba9bebc3fa2d91c9f79306bf316c59cbcc Email patches with a GnuPG signature whenever possible. When applying patches, please use `git am` to apply patches: git am -i 0001-add-TODO-item.patch If `git format-patch` is not possible, please send a unified diff. When in doubt, please consult the Tor HACKING guide: https://gitweb.torproject.org/tor.git/blob/HEAD:/doc/HACKING tlsdate-0.0.7/HARDENING000066400000000000000000000063001230412117200143700ustar00rootroot00000000000000Platforms offer varying security features; we'd like to support the best. This is a document that notes which security hardening we have implemented and which things we'd like to see implemented for various platforms. We specifically address exploitation mitigation and containment; security issues such as x509 certification validation are not addressed here, yet. Patches, suggestions and improvements are welcome! We always want the strongest set of options by default on each supported platform. We attempt to use the C programming language correctly and in a standard way. We do however use some compiler specific options such as defining integer wrapping because we believe the practical benefit outweights the implied risks. As such, we prefer to be explicit rather than implicit in our casting or other possible ambiguity. We should treat all compiler and linker warnings as fatal errors. Currently, consider autotools warnings to be an exception as we would like to support platforms imperfectly rather than not at all. We generally wish to support autotools bootstrapping on all of our supported platforms. This is not possible on Plan 9. Currently autotools will complain on the BSD systems. On all platforms we attempt to support available compiler hardening and linking options. Please do not disable these options. Additional compiler and linker hardening options are welcome and the current options are implemented in the following file: configure.ac On all platforms, we attempt to switch from the administrative user to an unimportant role account which shares data with no other processes. If we start as any user other than an administrative user, we will likely be unable to switch to our normal unprivileged account. These users are defined at `configure` time. It is most effective if such a user is not the traditional 'nobody' or group 'nogroup' as is often the tradition. In addition to the above hardening options, we have tried to extend our hardening when the platform supports it. Each additional security measure that we take is documented as well as planned or desired improvements. We do not currently support or set ulimits, we should do so where possible. On Debian Gnu/Linux platforms, we ship with a minimal AppArmor profile, see the policy for details: apparmor-profile We'd like to have an SELinux policy specifically for tlsdate. We'd like to support capability dropping with libcap or libcap-ng. We'd like to support libseccomp2 filters. Other kernel hardening suggestions are welcome. On ChromeOS we use minijail and seccomp filters, see the following policies for details: tlsdate-seccomp-amd64.policy tlsdate-seccomp-arm.policy tlsdate-seccomp-x86.policy These are enabled by default in ChromeOS. On FreeBSD, we'd like to support jails, chroot, and Capsicum. On OpenBSD, we'd like to support chroot and systrace. On NetBSD, we'd like to chroot. On DragonFly BSD, we'd like to support chroot and jails. On Mac OS X, we'd like to support chroot and seatbelt. On Plan9, we'd like to chroot. On Windows, we do nothing beyond compile time hardening. We'd like to do more. On other platforms, we'll try to run correctly with the understanding that any bug is likely a much more serious problem. tlsdate-0.0.7/INSTALL000066400000000000000000000122741230412117200142060ustar00rootroot00000000000000tlsdate should build and work on the following Operating Systems: Debian Gnu/Linux squeeze, wheezy, sid Ubuntu lucid, natty, oneiric, precise, quantal CentOS 6.2, 6.3, 6.4 Fedora 17, 18 RedHat Enterprise Server 6.4 OpenSUSE 11.2, 12.3 FreeBSD 9.2, 10, 11 Mac OS X 10.8.2, 10.8.3 ChromeOS Release 25, 26, 27 and above Android with the Android NDK (use Makefile.android) Arch Linux (Don't forget to symlink to /dev/rtc to /dev/rtc0) NetBSD 6.0.1 OpenBSD 5.2 Gentoo 20130413 DragonFly BSD 3.3-DEVELOPMENT Debian GNU/kFreeBSD 7.0 (8.2-1-amd64) tlsdate should build and might even work on the following Operating Systems: Win32 with Cygwin CYGWIN_NT-6.1 1.7.18(0.263/5/3 Win32 with MinGW Haiku r1alpha4 Please file a bug or email the tlsdate team if you have successfully built or use tlsdate on a platform that is not listed. We are specifically looking for ports of tlsdate or for tlsdate integration on the following Operating Systems: Windows native OpenWRT pfsense OpenVMS Irix Minix Any of the other classic unix systems Currently porting is in progress or partially documented for: Plan9 (with APE) Debian GNU/Hurd 7.0 (GNU-Mach 1.3.99-486-dbg/Hurd-0.3) Currently we report "server time 0 (difference is about 1367009757 s)" Building and install of tlsdate on GNU/Linux and FreeBSD: ./autogen.sh ./configure make make install Cleaning is the usual: make clean On Debian Gnu/Linux sid/unstable: apt-get install tlsdate On Debian GNU/Linux and related systems, we provide an init.d script that controls the tlsdated daemon. It will notice network changes and regularly invoke tlsdate to keep the clock in sync. Start it like so: /etc/init.d/tlsdate start Debian GNU/Hurd does not yet support autotools bootstrapping and users must bootstrap with `make dist` on another platform from the tlsdate git repository. With such a release tar.gz it is the expected process: ./configure make make install Please note that setting time on GNU/Hurd has not yet been tested. On ChromeOS: tlsdate is part of the ChromeOS TCB; no install needed On Gentoo: emerge net-misc/tlsdate On FreeBSD one may also use the ports system: cd /usr/ports/sysutils/tlsdate make make install On Mac OS X, we require that you have XCode installed. You may also need brew for autoconf and automake packages: brew install autoconf automake libtool pkg-config It should also be possible to install tlsdate on OS X 10.8.x with brew directly: brew install tlsdate To make an unsigned Debian package: git checkout debian-master make deb On Fedora: yum install tlsdate To run tlsdated as a service on Fedora: systemctl enable tlsdate.service systemctl start tlsdate.service On Arch Linux there is a PKGBUILD in the Arch User Repository: https://aur.archlinux.org/packages/tlsdate https://aur.archlinux.org/packages/tl/tlsdate/PKGBUILD Cygwin requires that the user installs openssl-dev, gcc, pkg-config, libtool, automake, autoconf: ./configure make On Plan9 the start of building might look something like this: ip/ipconfig ndb/dns -r 9fs sources /n/sources/contrib/fgb/root/rc/bin/contrib/install fgb/openssl mk install On Haiku we must use gcc4: export CC=/boot/develop/abi/x86/gcc4/tools/gcc4.6.3-haiku-121101/bin/gcc export LDFLAGS="$LDFLAGS -lbsd" ./configure # This includes the above exports currently make OpenBSD builds from source and is not yet in the port system: export AUTOCONF_VERSION= export AUTOMAKE_VERSION= ./autogen.sh ./configure make make install To make a Debian source package: git checkout master ./autogen.sh ./configure && make debian_orig git checkout debian-master fakeroot debian/rules clean cd ../ dpkg-source -i'.*' -b tlsdate Example of how to build a package for Debian: # First build the source package above scp tlsdate_* dixie.torproject.org:~/src/debian-builds/ ~/bin/sbuild-stuff tlsdate_0.0.1-1.dsc # Download or build the package locally # and sign the .changes or .dsc file debsign -k0xD81D840E tlsdate_0.0.1-1.dsc Example of how to upload it (after a Debian sponsor signs off on it): dget http://www.example.com/tlsdate_0.0.1-1_amd64.changes dput tlsdate_0.0.1-1_amd64.changes For Android: To cross compile tlsdate for Android (tested on Linux) you must have the Android NDK (>=r8) installed somewhere on your system, and define the environment variable NDK_BASE to be the path to the NDK's root dir. export NDK_BASE=/home/user/src/android-ndk-r8d The Android build also requires a cross-compiled OpenSSL. The Android Makefile will attempt to build openssl, if you provide the path via the OPENSSL_ANDROID env var. git clone https://github.com/guardianproject/openssl-android.git /path/to/android-openssl export OPENSSL_ANDROID=/path/to/android-openssl Once NDK_BASE and OPENSSL_ANDROID are set properly, you can cross compile tlsdate with: make distclean # clean any previous builds rm configure # distclean doesn't remove this file make -f Makefile.android Android NDK: https://developer.android.com/tools/sdk/ndk/index.html OpenSSL for Android: https://github.com/guardianproject/openssl-android tlsdate-0.0.7/LICENSE000066400000000000000000000046421230412117200141620ustar00rootroot00000000000000 This file contains the license for tlsdate, a free software project to set your system clock securely. It also lists the licenses for other components used by tlsdate. For more information about tlsdate, see https://github.com/ioerror/tlsdate If you got this file as a part of a larger bundle, there may be other license terms that you should be aware of. =============================================================================== tlsdate is distributed under this license: Copyright (c) 2011-2012, Jacob Appelbaum Copyright (c) 2011-2012, The Tor Project, Inc. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the names of the copyright owners nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. =============================================================================== If you got tlsdate as a static binary with OpenSSL included, then you should know: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)" =============================================================================== tlsdate-0.0.7/Makefile.am000066400000000000000000000103321230412117200152020ustar00rootroot00000000000000# vim:ft=automake AM_CFLAGS="-D__STDC_LIMIT_MACROS" BUILT_SOURCES= doc_DATA= EXTRA_DIST= TESTS= bin_PROGRAMS= sbin_PROGRAMS= check_PROGRAMS= lib_LTLIBRARIES= man_MANS= noinst_HEADERS= noinst_LTLIBRARIES= noinst_PROGRAMS= if !TARGET_OSX # GNU style is "make check", this will make check and test work TESTS+= src/conf_unittest src/proxy-bio_unittest if TARGET_LINUX TESTS+= src/tlsdated_unittest src/event_unittest endif test: check endif ACLOCAL_AMFLAGS= -I m4 # Our Debian version DEBIAN_VERSION := $(shell if [ -e debian/changelog ]; then cat debian/changelog|head -n1|cut -d\- -f2| head -c 1; else echo "unknown"; fi) doc_DATA+= AUTHORS doc_DATA+= CHANGELOG doc_DATA+= LICENSE doc_DATA+= README doc_DATA+= TODO EXTRA_DIST+= $(doc_DATA) EXTRA_DIST+= apparmor-profile EXTRA_DIST+= autogen.sh EXTRA_DIST+= tlsdated.service include src/include.am # Cleanup individual files in order to preserve uninstall/etc order maintainer-clean-local: @rm -r -f autom4te.cache @rm Makefile.in @rm aclocal.m4 @rm config.in @rm config/config.guess @rm config/config.sub @rm config/depcomp @rm config/install-sh @rm config/ltmain.sh @rm config/missing @rm configure @rmdir config @rm m4/libtool.m4 @rm m4/ltoptions.m4 @rm m4/ltsugar.m4 @rm m4/ltversion.m4 @rm m4/lt~obsolete.m4 @rm -f tlsdate-*.tar.gz -rm src/configmake.h @find ./ | $(GREP) \~$$ | xargs rm -f certdir = @TLSDATE_CA_ROOTS@ cert_DATA = ca-roots/tlsdate-ca-roots.conf EXTRA_DIST+= $(cert_DATA) confdir = @TLSDATE_CONF_DIR@ if TARGET_LINUX conf_DATA = etc/tlsdated.conf EXTRA_DIST+= $(conf_DATA) endif # Our documentation man_MANS+= man/tlsdate.1 man_MANS+= man/tlsdate-helper.1 if TARGET_LINUX man_MANS+= man/tlsdated.8 man_MANS+= man/tlsdate-routeup.1 man_MANS+= man/tlsdated.conf.5 man_MANS+= man/tlsdate-dbus-announce.1 endif EXTRA_DIST+= $(man_MANS) .PHONY: debian_orig git-tag git-push git-tag-debian deb really-clean valgrind_test debian_orig: $(MAKE) distcheck mv tlsdate-$(VERSION).tar.gz ../tlsdate_$(VERSION).orig.tar.gz git-tag: git tag -u 0xD81D840E -s tlsdate-$(VERSION) git-tag-debian: git tag -u 0xD81D840E -s tlsdate-$(VERSION)-debian-${DEBIAN_VERSION} git-push: git push --tags git push deb: debian_orig debuild -i'.*' -rfakeroot -uc -us -d # This generates code coverage data that is useful for continuous integration lcov: # ./configure --enable-code-coverage-checks && make && # ... run everything and then... lcov --directory src -b . --capture --output-file tlsdate.lcov && genhtml -o lcov/ tlsdate.lcov valgrind_test: TESTS_ENVIRONMENT="./libtool --mode=execute valgrind --trace-children=yes --leak-check=full" ./src/tlsdate -v -V -n -H encrypted.google.com # This allows us to parse the Mozilla NSS CA trusted root list and ensures we # respect the trust bits as they are set - using them directly without the # context is dangerous. This gives us a basic set of CA roots to trust for use # with tlsdate without relying on any system CA list. # You'll need agl's extract-nss-root-certs to recreate this file: # https://github.com/agl/extract-nss-root-certs update_ca_root_data: curl https://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt\?raw\=1 -o ca-roots/certdata.txt go run ~/Documents/code/git/extract-nss-root-certs/convert_mozilla_certdata.go ca-roots/certdata.txt > ca-roots/tlsdate-ca-roots.conf rm ca-roots/certdata.txt test_run: ./src/tlsdate-helper www.ptb.de 443 tlsv1 racket verbose ca-roots/tlsdate-ca-roots.conf dont-set-clock showtime no-fun holdfast none BUILT_SOURCES+= src/configmake.h noinst_HEADERS+= src/configmake.h src/configmake.h: ${top_srcdir}/Makefile.in @echo "Making $@" @rm -f $@-t $@ @{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \ echo '#define TLSDATE_CONFIG "$(sysconfdir)/ca-roots/"'; \ echo '#define TLSDATE_CERTFILE "$(sysconfdir)/tlsdate/ca-roots/tlsdate-ca-roots.conf"'; \ echo '#define TLSDATE_CONF_DIR "$(sysconfdir)/tlsdate/"'; \ echo '#define TLSDATE_HELPER "$(bindir)/tlsdate-helper"'; \ echo '#define TLSDATE "$(bindir)/tlsdate"'; \ echo '#define TLSDATED "$(bindir)/tlsdated"'; \ echo '#define TLSDATE_DBUS_ANNOUNCE "$(bindir)/tlsdate-dbus-announce"'; \ } | sed '/""/d' > $@-t @if diff $@-t $@ >/dev/null 2>&1 ; then \ rm @-t ; \ else \ mv $@-t $@ ; \ fi tlsdate-0.0.7/Makefile.android000066400000000000000000000046501230412117200162330ustar00rootroot00000000000000# ## Cross-compile env for Android # Requires Android NDK >= r8 # Requires the following env variables: # # NDK_BASE - path to your NDK's root directory # e.g., /home/user/android-ndk # OPENSSL_ANDROID - path to NDK built openssl # e.g., /home/user/src/openssl-android # # Android NDK setup NDK_COMPILER_VERSION=4.6 NDK_ABI=arm NDK_BASE ?= /usr/local/android-ndk #platform level >= 8 required for dladdr() NDK_PLATFORM_LEVEL ?= 8 NDK_SYSROOT=$(NDK_BASE)/platforms/android-$(NDK_PLATFORM_LEVEL)/arch-arm NDK_UNAME=`uname -s | tr '[A-Z]' '[a-z]'` NDK_TOOLCHAIN=$(NDK_BASE)/toolchains/$(NDK_ABI)-linux-androideabi-$(NDK_COMPILER_VERSION)/prebuilt/$(NDK_UNAME)-x86 # to use the real HOST tag, you need the latest libtool files: # http://stackoverflow.com/questions/4594736/configure-does-not-recognize-androideabi NDK_UNAME := `uname -s | tr '[A-Z]' '[a-z]'` HOST := arm-linux-androideabi LOCAL_LDFLAGS = -L$(OPENSSL_ANDROID)/obj/local/armeabi/ -ldl -lcrypto -lssl -lz LOCAL_LDFLAGS += -L$(NDK_TOOLCHAIN)/lib/gcc/arm-linux-androideabi/$($NDK_COMPILER_VERSION) -lgcc CFLAGS = -I$(OPENSSL_ANDROID)/include CC := $(NDK_TOOLCHAIN)/bin/arm-linux-androideabi-gcc --sysroot=$(NDK_SYSROOT) CXX := $(NDK_TOOLCHAIN)/bin/arm-linux-androideabi-g++ CPP := $(NDK_TOOLCHAIN)/bin/arm-linux-androideabi-cpp LD := $(NDK_TOOLCHAIN)/bin/arm-linux-androideabi-ld AR := $(NDK_TOOLCHAIN)/bin/arm-linux-androideabi-ar RANLIB := $(NDK_TOOLCHAIN)/bin/arm-linux-androideabi-ranlib STRIP := $(NDK_TOOLCHAIN)/bin/arm-linux-androideabi-strip \ all: $(OPENSSL_ANDROID)/libs/armeabi/libcrypto.so tlsdate-build $(OPENSSL_ANDROID)/libs/armeabi/libcrypto.so: cd $(OPENSSL_ANDROID) && ndk-build -j4 openssl-clean: -cd $(OPENSSL_ANDROID) && ndk-build clean openssl-distclean: -cd $(OPENSSL_ANDROID) && ndk-build distclean configure: configure.ac ./autogen.sh && \ CFLAGS="$(CFLAGS)" ./configure \ CC="$(CC)" \ AR=$(AR) \ RANLIB=$(RANLIB) \ CFLAGS="$(CFLAGS)" \ --disable-static \ --disable-languages \ --disable-dbus \ --host=$(HOST) #--prefix=$(prefix) \ #--exec-prefix=$(prefix) tlsdate-build: configure make -f Makefile CFLAGS="$(CFLAGS)" LDFLAGS="$(LOCAL_LDFLAGS)" tlsdate-clean: -make -f Makefile clean tlsdate-distclean: -make -f Makefile distclean && rm configure clean: openssl-clean tlsdate-clean distclean: openssl-distclean tlsdate-distclean .PHONY: clean openssl-clean tlsdate-clean tlsdate-0.0.7/README000066400000000000000000000027241230412117200140340ustar00rootroot00000000000000tlsdate: secure parasitic rdate replacement tlsdate sets the local clock by securely connecting with TLS to remote servers and extracting the remote time out of the secure handshake. Unlike ntpdate, tlsdate uses TCP, for instance connecting to a remote HTTPS or TLS enabled service, and provides some protection against adversaries that try to feed you malicious time information. On Debian GNU/Linux and related systems, we provide an init.d script that controls the tlsdated daemon. It will notice network changes and regularly invoke tlsdate to keep the clock in sync. Start it like so: /etc/init.d/tlsdate start Here is an example an unprivileged user fetching the remote time: % tlsdate -V -n -H encrypted.google.com Fri Apr 19 17:56:46 PDT 2013 This is an example run - starting as root and dropping to nobody, setting the clock and printing it: % sudo tlsdate -V Fri Apr 19 17:57:49 PDT 2013 Here is an example with a custom host and custom port without verification: % sudo tlsdate --skip-verification -p 80 -H rgnx.net Here is an example where a system may not have any kind of RTC at boot. Do the time warp to restore sanity and do so with a leap of faith: % sudo tlsdate -V -l -t Fri Apr 19 18:08:03 PDT 2013 Some SSL/TLS services do not provide accurate time in their handshake process; tlsdate may also be used to fetch time by processing the HTTP Date headers of HTTP services: % sudo tlsdate -V -l -t -w Wed Oct 30 18:08:46 CET 2013 tlsdate-0.0.7/TLSDATEPOOL000066400000000000000000000026601230412117200146700ustar00rootroot00000000000000"Lets parasitically pool TLS resources into a single location!" ntp has pool.ntp.org which currently hosts around ~3000 machines. tlsdate has only the wild internet's pool of TLS/SSL machines. It is believed that there are around ~185,000 reasonable SSL/TLS servers in the genepool that is the internet. To discover the relevant systems in the genepool we will conduct scans and collect data of SSL/TLS services for the entire internet. When a server is discovered and it is confirmed to have a reasonably accurate clock, we will store it in the genepool list. The genepool list will first be a text file included with tlsdate and tlsdate will have an option to use the local genepool; it will randomly select an entry from the list and use it for timing information. The genepool list will be in the following CSV format: hostname,port,last known IP address, protocol Currently, the default protocol is TLSv1 unless otherwise specified. Fields may include sslv2, sslv3, tlsv1, tlsv1.1, tlsv1.2, xmpp, pop3, imap and other STARTTLS enabled protocols. Eventually, we propose that a simple DNS query interface located at genepool.tlsdate.net should return random entries from the genepool list. It should only host records of machines that have correct timing information in their SSL/TLS handshakes. The data returned will optionally be a TXT record containing a line from a regularly updated genepool cache file or an A/AAAA record for the host. tlsdate-0.0.7/TODO000066400000000000000000000040421230412117200136370ustar00rootroot00000000000000 Here is a nice list of things to do to improve tlsdate: 1) hack the client handshake to not leak the clock to the server set it to all zeros or something cute or something random 3) add HTTP GET request to avoid network fingerprinting 6) skew the clock rather than slamming it 7) drop privs earlier 11) verification of remote certificate for Tor nodes 13) account for servers that do not send UTC (Microsoft sends local time) 14) port to nss, gnutls, yassl, and other libraries 15) starttls support (smtp, pop, imap, ftp, xmpp) 16) ensure that 32bit time isn't near wrapping time on 32bit systems 17) find others to audit it - we need more eyes! 20) Add verification of remote servers by DANE/CAA DNSSEC protected records 21) Integrate Chrome's CRL list into tlsdate 22) Block revoked or bad certs such as MD5 inc. and others. 24) Add OCSP check option 25) Block weak signature algorithms 26) Hard code block list of known horrible certs (extract from Chrome/FF) 28) Check that extended key usage is empty, or includes TLS Server Auth 29) extract the SubjectPublicKeyInfo from the certificates; match against public keys 31) Fetch HTTP over TLS to parse date field and confirm sync with the tls date 32) Integrate tack support https://github.com/tack/tackc 33) Implement checking of RFC 2818 style wildcards: http://wiki.cacert.org/WildcardCertificates 34) Clear the environment for tlsdated and related utils before execve() 35) seatbelt profile for Mac OS X 36) SELinux policy for GNU/Linux platforms 37) Port to some Windows operating system that anyone actually uses 38) Add seccomp suport 40) Add tlsdated support for machines without a RTC Explicitly support Raspberry pi use case 42) Unit-test everything 45) Drop root from tlsdated 47) Review cert validation and compare it with Chrome: https://code.google.com/p/chromium/codesearch#chrome/src/net/base/x509_certificate.cc&l=500 48) Complain when server uses very weak DH group parameters example weak server: https://demo.cmrg.net/ Patches welcome! tlsdate-0.0.7/apparmor-profile000066400000000000000000000121041230412117200163470ustar00rootroot00000000000000# # AppArmor tlsdate profile for Ubuntu 11.04 and later # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public # License published by the Free Software Foundation. # #include /usr/bin/tlsdate { #include #include capability sys_time, capability setgid, capability setuid, capability sys_chroot, # IPv4 TCP network inet stream, # IPv4 UDP for DNS resolution network inet dgram, # IPv6 TCP network inet6 stream, # IPv6 UDP network inet6 dgram, # Required for gethostbyname /etc/resolv.conf r, /run/resolvconf/resolv.conf r, /etc/nsswitch.conf r, /etc/localtime r, /etc/nsswitch.conf r, /etc/hosts r, /etc/host.conf r, # Allow reading public certs but not private keys /etc/ssl/certs/* r, /usr/share/ca-certificates/*/** r, # Allow reading of /etc/tlsdate/ /etc/tlsdate/*/** r, # Required for getpwnam /etc/passwd r, /etc/group r, /proc/sys/kernel/ngroups_max r, # Allow reading of libs and /tmp /etc/ld.so.cache r, # Random number generation requires these two /dev/random r, /dev/urandom r, # Allow mapping of shared libraries /lib/* rm, /lib32/* rm, /lib64/* rm, /usr/lib/* rm, /lib/x86_64-linux-gnu/* rm, /usr/lib/x86_64-linux-gnu/* rm, # We'll allow tlsdate to write a new root to chroot into /tmp/ r, owner /tmp/tlsdate_*/ rw, # We'll allow tlsdate to exec tlsdate-helper /usr/bin/tlsdate-helper ixm, /usr/bin/tlsdate ixm, } /usr/bin/tlsdate-helper { #include #include capability sys_time, capability setgid, capability setuid, capability sys_chroot, # IPv4 TCP network inet stream, # IPv4 UDP for DNS resolution network inet dgram, # IPv6 TCP network inet6 stream, # IPv6 UDP network inet6 dgram, # Required for gethostbyname /etc/resolv.conf r, /run/resolvconf/resolv.conf r, /etc/nsswitch.conf r, /etc/localtime r, /etc/nsswitch.conf r, /etc/hosts r, /etc/host.conf r, # Allow reading public certs but not private keys /etc/ssl/certs/* r, /usr/share/ca-certificates/*/** r, # Allow reading of /etc/tlsdate/ /etc/tlsdate/*/** r, # Required for getpwnam /etc/passwd r, /etc/group r, /proc/sys/kernel/ngroups_max r, # Allow reading of libs and /tmp /etc/ld.so.cache r, # Random number generation requires these two /dev/random r, /dev/urandom r, # Allow mapping of shared libraries /lib/* rm, /lib32/* rm, /lib64/* rm, /usr/lib/* rm, /usr/local/lib/* rm, /lib/x86_64-linux-gnu/* rm, /usr/lib/x86_64-linux-gnu/* rm, # We'll allow tlsdate to write a new root to chroot into /tmp/ r, owner /tmp/tlsdate_*/ rw, } /usr/bin/tlsdated { #include #include capability sys_time, capability setgid, capability setuid, capability sys_chroot, # IPv4 TCP network inet stream, # IPv4 UDP for DNS resolution network inet dgram, # IPv6 TCP network inet6 stream, # IPv6 UDP network inet6 dgram, # Required for gethostbyname /etc/resolv.conf r, /etc/nsswitch.conf r, /etc/localtime r, /etc/nsswitch.conf r, /etc/hosts r, /etc/host.conf r, # Allow reading public certs but not private keys /etc/ssl/certs/* r, /usr/share/ca-certificates/*/** r, # Allow reading of /etc/tlsdate/ /etc/tlsdate/*/** r, /etc/tlsdate/tlsdated.conf r, # Required for getpwnam /etc/passwd r, /etc/group r, /proc/sys/kernel/ngroups_max r, # tlsdated looks into proc for answers /proc/meminfo r, # Allow reading of libs and /tmp /etc/ld.so.cache r, # Random number generation requires these two /dev/random r, /dev/urandom r, # RTC /dev/rtc0 rw, # Allow mapping of shared libraries /lib/* rm, /lib32/* rm, /lib64/* rm, /usr/lib/* rm, /usr/local/lib/* rm, /lib/x86_64-linux-gnu/* rm, /usr/lib/x86_64-linux-gnu/* rm, # We'll allow tlsdate to write a new root to chroot into /tmp/ r, owner /tmp/tlsdate_*/ rw, # We'll allow tlsdated to cache the time here owner /var/cache/tlsdated/* rw, # We'll allow tlsdated to exec tlsdate-helper /usr/bin/tlsdate-dbus-announce ixm, /usr/bin/tlsdate-routeup ixm, /usr/bin/tlsdate-helper ixm, /usr/bin/tlsdate ixm, } /usr/bin/tlsdate-routeup { #include # Allow reading of /etc/tlsdate/ /etc/tlsdate/*/** r, # Allow reading of libs and /tmp /etc/ld.so.cache r, # Random number generation requires these two /dev/random r, /dev/urandom r, # Allow mapping of shared libraries /lib/* rm, /lib32/* rm, /lib64/* rm, /usr/lib/* rm, /lib/x86_64-linux-gnu/* rm, /usr/lib/x86_64-linux-gnu/* rm, } /usr/bin/tlsdate-dbus-announce { #include # Allow reading of /etc/tlsdate/ /etc/tlsdate/*/** r, # Allow reading of libs and /tmp /etc/ld.so.cache r, # Allow mapping of shared libraries /lib/* rm, /lib32/* rm, /lib64/* rm, /usr/lib/* rm, /lib/x86_64-linux-gnu/* rm, /usr/lib/x86_64-linux-gnu/* rm, } tlsdate-0.0.7/autogen.sh000077500000000000000000000007451230412117200151560ustar00rootroot00000000000000#!/bin/sh # # This generates our configure scripts and leads us onto the path of # the great Makefile... # set -e if [ ! -d config ]; then mkdir config; fi if [ $(uname) != FreeBSD ]; then WARNINGS="all,error" export WARNINGS fi if [ $(uname) = NetBSD ] || [ $(uname) = DragonFly ]; then WARNINGS="" export WARNINGS fi if [ $(uname) = "CYGWIN_NT-6.1" ] || [ $(uname) = "MINGW32_NT-6.1" ]; then WARNINGS="" export WARNINGS fi autoreconf --install --verbose --force tlsdate-0.0.7/ca-roots/000077500000000000000000000000001230412117200146765ustar00rootroot00000000000000tlsdate-0.0.7/ca-roots/tlsdate-ca-roots.conf000066400000000000000000010656461230412117200207540ustar00rootroot00000000000000# This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. # Issuer: CN=GTE CyberTrust Global Root O=GTE Corporation OU=GTE CyberTrust Solutions, Inc. # Subject: CN=GTE CyberTrust Global Root O=GTE Corporation OU=GTE CyberTrust Solutions, Inc. # Label: "GTE CyberTrust Global Root" # Serial: 421 # MD5 Fingerprint: ca:3d:d3:68:f1:03:5c:d0:32:fa:b8:2b:59:e8:5a:db # SHA1 Fingerprint: 97:81:79:50:d8:1c:96:70:cc:34:d8:09:cf:79:44:31:36:7e:f4:74 # SHA256 Fingerprint: a5:31:25:18:8d:21:10:aa:96:4b:02:c7:b7:c6:da:32:03:17:08:94:e5:fb:71:ff:fb:66:67:d5:e6:81:0a:36 -----BEGIN CERTIFICATE----- MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4 04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9 3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/ -----END CERTIFICATE----- # Issuer: CN=Thawte Server CA O=Thawte Consulting cc OU=Certification Services Division # Subject: CN=Thawte Server CA O=Thawte Consulting cc OU=Certification Services Division # Label: "Thawte Server CA" # Serial: 1 # MD5 Fingerprint: c5:70:c4:a2:ed:53:78:0c:c8:10:53:81:64:cb:d0:1d # SHA1 Fingerprint: 23:e5:94:94:51:95:f2:41:48:03:b4:d5:64:d2:a3:a3:f5:d8:8b:8c # SHA256 Fingerprint: b4:41:0b:73:e2:e6:ea:ca:47:fb:c4:2f:8f:a4:01:8a:f4:38:1d:c5:4c:fa:a8:44:50:46:1e:ed:09:45:4d:e9 -----BEGIN CERTIFICATE----- MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3 dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3 DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91 yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG 7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ qdq5snUb9kLy78fyGPmJvKP/iiMucEc= -----END CERTIFICATE----- # Issuer: CN=Thawte Premium Server CA O=Thawte Consulting cc OU=Certification Services Division # Subject: CN=Thawte Premium Server CA O=Thawte Consulting cc OU=Certification Services Division # Label: "Thawte Premium Server CA" # Serial: 1 # MD5 Fingerprint: 06:9f:69:79:16:66:90:02:1b:8c:8c:a2:c3:07:6f:3a # SHA1 Fingerprint: 62:7f:8d:78:27:65:63:99:d2:7d:7f:90:44:c9:fe:b3:f3:3e:fa:9a # SHA256 Fingerprint: ab:70:36:36:5c:71:54:aa:29:c2:c2:9f:5d:41:91:16:3b:16:2a:22:25:01:13:57:d5:6d:07:ff:a7:bc:1f:72 -----BEGIN CERTIFICATE----- MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG 9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg== -----END CERTIFICATE----- # Issuer: O=Equifax OU=Equifax Secure Certificate Authority # Subject: O=Equifax OU=Equifax Secure Certificate Authority # Label: "Equifax Secure CA" # Serial: 903804111 # MD5 Fingerprint: 67:cb:9d:c0:13:24:8a:82:9b:b2:17:1e:d1:1b:ec:d4 # SHA1 Fingerprint: d2:32:09:ad:23:d3:14:23:21:74:e4:0d:7f:9d:62:13:97:86:63:3a # SHA256 Fingerprint: 08:29:7a:40:47:db:a2:36:80:c7:31:db:6e:31:76:53:ca:78:48:e1:be:bd:3a:0b:01:79:a7:07:f9:2c:f1:78 -----BEGIN CERTIFICATE----- MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1 MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y 7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh 1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4 -----END CERTIFICATE----- # Issuer: O=Digital Signature Trust Co. OU=DSTCA E1 # Subject: O=Digital Signature Trust Co. OU=DSTCA E1 # Label: "Digital Signature Trust Co. Global CA 1" # Serial: 913315222 # MD5 Fingerprint: 25:7a:ba:83:2e:b6:a2:0b:da:fe:f5:02:0f:08:d7:ad # SHA1 Fingerprint: 81:96:8b:3a:ef:1c:dc:70:f5:fa:32:69:c2:92:a3:63:5b:d1:23:d3 # SHA256 Fingerprint: 63:04:19:ae:c4:78:cb:b4:bb:80:83:de:9d:9c:f2:79:75:2f:03:9d:ef:16:e4:64:71:b6:79:ca:93:00:2d:b0 -----BEGIN CERTIFICATE----- MIIDKTCCApKgAwIBAgIENnAVljANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL EwhEU1RDQSBFMTAeFw05ODEyMTAxODEwMjNaFw0xODEyMTAxODQwMjNaMEYxCzAJ BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x ETAPBgNVBAsTCERTVENBIEUxMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCg bIGpzzQeJN3+hijM3oMv+V7UQtLodGBmE5gGHKlREmlvMVW5SXIACH7TpWJENySZ j9mDSI+ZbZUTu0M7LklOiDfBu1h//uG9+LthzfNHwJmm8fOR6Hh8AMthyUQncWlV Sn5JTe2io74CTADKAqjuAQIxZA9SLRN0dja1erQtcQIBA6OCASQwggEgMBEGCWCG SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI RFNUQ0EgRTExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMTAxODEw MjNagQ8yMDE4MTIxMDE4MTAyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGp5 fpFpRhgTCgJ3pVlbYJglDqL4MB0GA1UdDgQWBBRqeX6RaUYYEwoCd6VZW2CYJQ6i +DAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG SIb3DQEBBQUAA4GBACIS2Hod3IEGtgllsofIH160L+nEHvI8wbsEkBFKg05+k7lN QseSJqBcNJo4cvj9axY+IO6CizEqkzaFI4iKPANo08kJD038bKTaKHKTDomAsH3+ gG9lbRgzl4vCa4nuYD3Im+9/KzJic5PLPON74nZ4RbyhkwS7hp86W0N6w4pl -----END CERTIFICATE----- # Issuer: O=Digital Signature Trust Co. OU=DSTCA E2 # Subject: O=Digital Signature Trust Co. OU=DSTCA E2 # Label: "Digital Signature Trust Co. Global CA 3" # Serial: 913232846 # MD5 Fingerprint: 93:c2:8e:11:7b:d4:f3:03:19:bd:28:75:13:4a:45:4a # SHA1 Fingerprint: ab:48:f3:33:db:04:ab:b9:c0:72:da:5b:0c:c1:d0:57:f0:36:9b:46 # SHA256 Fingerprint: 8f:62:d7:73:6f:99:db:d3:3e:e0:0e:10:c7:e3:29:33:9c:98:8a:5b:47:ef:25:f4:08:29:3c:f2:42:6b:4d:44 -----BEGIN CERTIFICATE----- MIIDKTCCApKgAwIBAgIENm7TzjANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL EwhEU1RDQSBFMjAeFw05ODEyMDkxOTE3MjZaFw0xODEyMDkxOTQ3MjZaMEYxCzAJ BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x ETAPBgNVBAsTCERTVENBIEUyMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/ k48Xku8zExjrEH9OFr//Bo8qhbxe+SSmJIi2A7fBw18DW9Fvrn5C6mYjuGODVvso LeE4i7TuqAHhzhy2iCoiRoX7n6dwqUcUP87eZfCocfdPJmyMvMa1795JJ/9IKn3o TQPMx7JSxhcxEzu1TdvIxPbDDyQq2gyd55FbgM2UnQIBA6OCASQwggEgMBEGCWCG SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI RFNUQ0EgRTIxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxOTE3 MjZagQ8yMDE4MTIwOTE5MTcyNlowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFB6C TShlgDzJQW6sNS5ay97u+DlbMB0GA1UdDgQWBBQegk0oZYA8yUFurDUuWsve7vg5 WzAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG SIb3DQEBBQUAA4GBAEeNg61i8tuwnkUiBbmi1gMOOHLnnvx75pO2mqWilMg0HZHR xdf0CiUPPXiBng+xZ8SQTGPdXqfiup/1902lMXucKS1M/mQ+7LZT/uqb7YLbdHVL B3luHtgZg3Pe9T7Qtd7nS2h9Qy4qIOF+oHhEngj1mPnHfxsb1gYgAlihw6ID -----END CERTIFICATE----- # Issuer: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority # Subject: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority # Label: "Verisign Class 3 Public Primary Certification Authority" # Serial: 149843929435818692848040365716851702463 # MD5 Fingerprint: 10:fc:63:5d:f6:26:3e:0d:f3:25:be:5f:79:cd:67:67 # SHA1 Fingerprint: 74:2c:31:92:e6:07:e4:24:eb:45:49:54:2b:e1:bb:c5:3e:61:74:e2 # SHA256 Fingerprint: e7:68:56:34:ef:ac:f6:9a:ce:93:9a:6b:25:5b:7b:4f:ab:ef:42:93:5b:50:a2:65:ac:b5:cb:60:27:e4:4e:70 -----BEGIN CERTIFICATE----- MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k -----END CERTIFICATE----- # Issuer: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority - G2/(c) 1998 VeriSign, Inc. - For authorized use only/VeriSign Trust Network # Subject: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority - G2/(c) 1998 VeriSign, Inc. - For authorized use only/VeriSign Trust Network # Label: "Verisign Class 3 Public Primary Certification Authority - G2" # Serial: 167285380242319648451154478808036881606 # MD5 Fingerprint: a2:33:9b:4c:74:78:73:d4:6c:e7:c1:f3:8d:cb:5c:e9 # SHA1 Fingerprint: 85:37:1c:a6:e5:50:14:3d:ce:28:03:47:1b:de:3a:09:e8:f8:77:0f # SHA256 Fingerprint: 83:ce:3c:12:29:68:8a:59:3d:48:5f:81:97:3c:0f:91:95:43:1e:da:37:cc:5e:36:43:0e:79:c7:a8:88:63:8b -----BEGIN CERTIFICATE----- MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5 MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4 pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0 13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY oJ2daZH9 -----END CERTIFICATE----- # Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA # Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA # Label: "GlobalSign Root CA" # Serial: 4835703278459707669005204 # MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a # SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c # SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99 -----BEGIN CERTIFICATE----- MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp 1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE 38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== -----END CERTIFICATE----- # Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R2 # Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R2 # Label: "GlobalSign Root CA - R2" # Serial: 4835703278459682885658125 # MD5 Fingerprint: 94:14:77:7e:3e:5e:fd:8f:30:bd:41:b0:cf:e7:d0:30 # SHA1 Fingerprint: 75:e0:ab:b6:13:85:12:27:1c:04:f8:5f:dd:de:38:e4:b7:24:2e:fe # SHA256 Fingerprint: ca:42:dd:41:74:5f:d0:b8:1e:b9:02:36:2c:f9:d8:bf:71:9d:a1:bd:1b:1e:fc:94:6f:5b:4c:99:f4:2c:1b:9e -----BEGIN CERTIFICATE----- MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG 3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO 291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== -----END CERTIFICATE----- # Issuer: CN=http://www.valicert.com/ O=ValiCert, Inc. OU=ValiCert Class 1 Policy Validation Authority # Subject: CN=http://www.valicert.com/ O=ValiCert, Inc. OU=ValiCert Class 1 Policy Validation Authority # Label: "ValiCert Class 1 VA" # Serial: 1 # MD5 Fingerprint: 65:58:ab:15:ad:57:6c:1e:a8:a7:b5:69:ac:bf:ff:eb # SHA1 Fingerprint: e5:df:74:3c:b6:01:c4:9b:98:43:dc:ab:8c:e8:6a:81:10:9f:e4:8e # SHA256 Fingerprint: f4:c1:49:55:1a:30:13:a3:5b:c7:bf:fe:17:a7:f3:44:9b:c1:ab:5b:5a:0a:e7:4b:06:c2:3b:90:00:4c:01:04 -----BEGIN CERTIFICATE----- MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0 IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG 9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNTIyMjM0OFoXDTE5MDYy NTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs YXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9Y LqdUHAZu9OqNSLwxlBfw8068srg1knaw0KWlAdcAAxIiGQj4/xEjm84H9b9pGib+ TunRf50sQB1ZaG6m+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCmDuJWBQ8Y TfwggtFzVXSNdnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0 LBwGlN+VYH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLW I8sogTLDAHkY7FkXicnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPw nXS3qT6gpf+2SQMT2iLM7XGCK5nPOrf1LXLI -----END CERTIFICATE----- # Issuer: CN=http://www.valicert.com/ O=ValiCert, Inc. OU=ValiCert Class 2 Policy Validation Authority # Subject: CN=http://www.valicert.com/ O=ValiCert, Inc. OU=ValiCert Class 2 Policy Validation Authority # Label: "ValiCert Class 2 VA" # Serial: 1 # MD5 Fingerprint: a9:23:75:9b:ba:49:36:6e:31:c2:db:f2:e7:66:ba:87 # SHA1 Fingerprint: 31:7a:2a:d0:7f:2b:33:5e:f5:a1:c3:4e:4b:57:e8:b7:d8:f1:fc:a6 # SHA256 Fingerprint: 58:d0:17:27:9c:d4:dc:63:ab:dd:b1:96:a6:c9:90:6c:30:c4:e0:87:83:ea:e8:c1:60:99:54:d6:93:55:59:6b -----BEGIN CERTIFICATE----- MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0 IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG 9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9 WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd -----END CERTIFICATE----- # Issuer: CN=http://www.valicert.com/ O=ValiCert, Inc. OU=ValiCert Class 3 Policy Validation Authority # Subject: CN=http://www.valicert.com/ O=ValiCert, Inc. OU=ValiCert Class 3 Policy Validation Authority # Label: "RSA Root Certificate 1" # Serial: 1 # MD5 Fingerprint: a2:6f:53:b7:ee:40:db:4a:68:e7:fa:18:d9:10:4b:72 # SHA1 Fingerprint: 69:bd:8c:f4:9c:d3:00:fb:59:2e:17:93:ca:55:6a:f3:ec:aa:35:fb # SHA256 Fingerprint: bc:23:f9:8a:31:3c:b9:2d:e3:bb:fc:3a:5a:9f:44:61:ac:39:49:4c:4a:e1:5a:9e:9d:f1:31:e9:9b:73:01:9a -----BEGIN CERTIFICATE----- MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0 IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG 9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMjIzM1oXDTE5MDYy NjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfD cnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs 2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqY JJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliE Zwgs3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJ n0WuPIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu -----END CERTIFICATE----- # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 1999 VeriSign, Inc. - For authorized use only # Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 1999 VeriSign, Inc. - For authorized use only # Label: "Verisign Class 3 Public Primary Certification Authority - G3" # Serial: 206684696279472310254277870180966723415 # MD5 Fingerprint: cd:68:b6:a7:c7:c4:ce:75:e0:1d:4f:57:44:61:92:09 # SHA1 Fingerprint: 13:2d:0d:45:53:4b:69:97:cd:b2:d5:c3:39:e2:55:76:60:9b:5c:c6 # SHA256 Fingerprint: eb:04:cf:5e:b1:f3:9a:fa:76:2f:2b:b1:20:f2:96:cb:a5:20:c1:b9:7d:b1:58:95:65:b8:1c:b9:a1:7b:72:44 -----BEGIN CERTIFICATE----- MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te 2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC /Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== -----END CERTIFICATE----- # Issuer: CN=VeriSign Class 4 Public Primary Certification Authority - G3 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 1999 VeriSign, Inc. - For authorized use only # Subject: CN=VeriSign Class 4 Public Primary Certification Authority - G3 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 1999 VeriSign, Inc. - For authorized use only # Label: "Verisign Class 4 Public Primary Certification Authority - G3" # Serial: 314531972711909413743075096039378935511 # MD5 Fingerprint: db:c8:f2:27:2e:b1:ea:6a:29:23:5d:fe:56:3e:33:df # SHA1 Fingerprint: c8:ec:8c:87:92:69:cb:4b:ab:39:e9:8d:7e:57:67:f3:14:95:73:9d # SHA256 Fingerprint: e3:89:36:0d:0f:db:ae:b3:d2:50:58:4b:47:30:31:4e:22:2f:39:c1:56:a0:20:14:4e:8d:96:05:61:79:15:06 -----BEGIN CERTIFICATE----- MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQsw CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT aWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu IENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1 GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ +mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0Gbd U6LM8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLm NxdLMEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/ ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1WrIhVZPMq1 CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXttmhwwjIDLk5Mq g6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c 2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/ bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg== -----END CERTIFICATE----- # Issuer: CN=Entrust.net Secure Server Certification Authority O=Entrust.net OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/(c) 1999 Entrust.net Limited # Subject: CN=Entrust.net Secure Server Certification Authority O=Entrust.net OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/(c) 1999 Entrust.net Limited # Label: "Entrust.net Secure Server CA" # Serial: 927650371 # MD5 Fingerprint: df:f2:80:73:cc:f1:e6:61:73:fc:f5:42:e9:c5:7c:ee # SHA1 Fingerprint: 99:a6:9b:e6:1a:fe:88:6b:4d:2b:82:00:7c:b8:54:fc:31:7e:15:39 # SHA256 Fingerprint: 62:f2:40:27:8c:56:4c:4d:d8:bf:7d:9d:4f:6f:36:6e:a8:94:d2:2f:5f:34:d9:89:a9:83:ac:ec:2f:ff:ed:50 -----BEGIN CERTIFICATE----- MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1 MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/ I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3 wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5 BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0 MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN 95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd 2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI= -----END CERTIFICATE----- # Issuer: CN=Entrust.net Certification Authority (2048) O=Entrust.net OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/(c) 1999 Entrust.net Limited # Subject: CN=Entrust.net Certification Authority (2048) O=Entrust.net OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/(c) 1999 Entrust.net Limited # Label: "Entrust.net Premium 2048 Secure Server CA" # Serial: 946059622 # MD5 Fingerprint: ba:21:ea:20:d6:dd:db:8f:c1:57:8b:40:ad:a1:fc:fc # SHA1 Fingerprint: 80:1d:62:d0:7b:44:9d:5c:5c:03:5c:98:ea:61:fa:44:3c:2a:58:fe # SHA256 Fingerprint: d1:c3:39:ea:27:84:eb:87:0f:93:4f:c5:63:4e:4a:a9:ad:55:05:01:64:01:f2:64:65:d3:7a:57:46:63:35:9f -----BEGIN CERTIFICATE----- MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0xOTEy MjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH 4QIDAQABo3QwcjARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUVeSB0RGA vtiJuQijMfmhJAkWuXAwHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMB0G CSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEA WUesIYSKF8mciVMeuoCFGsY8Tj6xnLZ8xpJdGGQC49MGCBFhfGPjK50xA3B20qMo oPS7mmNz7W3lKtvtFKkrxjYR0CvrB4ul2p5cGZ1WEvVUKcgF7bISKo30Axv/55IQ h7A6tcOdBTcSo8f0FbnVpDkWm1M6I5HxqIKiaohowXkCIryqptau37AUX7iH0N18 f3v/rxzP5tsHrV7bhZ3QKw0z2wTR5klAEyt2+z7pnIkPFc4YsIV4IU9rTw76NmfN B/L/CNDi3tm/Kq+4h4YhPATKt5Rof8886ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVy vUxFnmG6v4SBkgPR0ml8xQ== -----END CERTIFICATE----- # Issuer: CN=Baltimore CyberTrust Root O=Baltimore OU=CyberTrust # Subject: CN=Baltimore CyberTrust Root O=Baltimore OU=CyberTrust # Label: "Baltimore CyberTrust Root" # Serial: 33554617 # MD5 Fingerprint: ac:b6:94:a5:9c:17:e0:d7:91:52:9b:b1:97:06:a6:e4 # SHA1 Fingerprint: d4:de:20:d0:5e:66:fc:53:fe:1a:50:88:2c:78:db:28:52:ca:e4:74 # SHA256 Fingerprint: 16:af:57:a9:f6:76:b0:ab:12:60:95:aa:5e:ba:de:f2:2a:b3:11:19:d6:44:ac:95:cd:4b:93:db:f3:f2:6a:eb -----BEGIN CERTIFICATE----- MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp -----END CERTIFICATE----- # Issuer: CN=Equifax Secure Global eBusiness CA-1 O=Equifax Secure Inc. # Subject: CN=Equifax Secure Global eBusiness CA-1 O=Equifax Secure Inc. # Label: "Equifax Secure Global eBusiness CA" # Serial: 1 # MD5 Fingerprint: 8f:5d:77:06:27:c4:98:3c:5b:93:78:e7:d7:7d:9b:cc # SHA1 Fingerprint: 7e:78:4a:10:1c:82:65:cc:2d:e1:f1:6d:47:b4:40:ca:d9:0a:19:45 # SHA256 Fingerprint: 5f:0b:62:ea:b5:e3:53:ea:65:21:65:16:58:fb:b6:53:59:f4:43:28:0a:4a:fb:d1:04:d7:7d:10:f9:f0:4c:07 -----BEGIN CERTIFICATE----- MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJVUzEc MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1aWZheCBT ZWN1cmUgR2xvYmFsIGVCdXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0MDAwMFoXDTIw MDYyMTA0MDAwMFowWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0VxdWlmYXggU2Vj dXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJlIEdsb2JhbCBlQnVzaW5l c3MgQ0EtMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuucXkAJlsTRVPEnC UdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQytd4zjTov2/KaelpzmKNc6fuKcxtc 58O/gGzNqfTWK8D3+ZmqY6KxRwIP1ORROhI8bIpaVIRw28HFkM9yRcuoWcDNM50/ o5brhTMhHD4ePmBudpxnhcXIw2ECAwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAH MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1dr aGwwHQYDVR0OBBYEFL6ooHRyUGtEt8kj2Puo/7NXa2hsMA0GCSqGSIb3DQEBBAUA A4GBADDiAVGqx+pf2rnQZQ8w1j7aDRRJbpGTJxQx78T3LUX47Me/okENI7SS+RkA Z70Br83gcfxaz2TE4JaY0KNA4gGK7ycH8WUBikQtBmV1UsCGECAhX2xrD2yuCRyv 8qIYNMR1pHMc8Y3c7635s3a0kr/clRAevsvIO1qEYBlWlKlV -----END CERTIFICATE----- # Issuer: CN=Equifax Secure eBusiness CA-1 O=Equifax Secure Inc. # Subject: CN=Equifax Secure eBusiness CA-1 O=Equifax Secure Inc. # Label: "Equifax Secure eBusiness CA 1" # Serial: 4 # MD5 Fingerprint: 64:9c:ef:2e:44:fc:c6:8f:52:07:d0:51:73:8f:cb:3d # SHA1 Fingerprint: da:40:18:8b:91:89:a3:ed:ee:ae:da:97:fe:2f:9d:f5:b7:d1:8a:41 # SHA256 Fingerprint: cf:56:ff:46:a4:a1:86:10:9d:d9:65:84:b5:ee:b5:8a:51:0c:42:75:b0:e5:f9:4f:40:bb:ae:86:5e:19:f6:73 -----BEGIN CERTIFICATE----- MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQQFADBTMQswCQYDVQQGEwJVUzEc MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1aWZheCBT ZWN1cmUgZUJ1c2luZXNzIENBLTEwHhcNOTkwNjIxMDQwMDAwWhcNMjAwNjIxMDQw MDAwWjBTMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5j LjEmMCQGA1UEAxMdRXF1aWZheCBTZWN1cmUgZUJ1c2luZXNzIENBLTEwgZ8wDQYJ KoZIhvcNAQEBBQADgY0AMIGJAoGBAM4vGbwXt3fek6lfWg0XTzQaDJj0ItlZ1MRo RvC0NcWFAyDGr0WlIVFFQesWWDYyb+JQYmT5/VGcqiTZ9J2DKocKIdMSODRsjQBu WqDZQu4aIZX5UkxVWsUPOE9G+m34LjXWHXzr4vCwdYDIqROsvojvOm6rXyo4YgKw Env+j6YDAgMBAAGjZjBkMBEGCWCGSAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTAD AQH/MB8GA1UdIwQYMBaAFEp4MlIR21kWNl7fwRQ2QGpHfEyhMB0GA1UdDgQWBBRK eDJSEdtZFjZe38EUNkBqR3xMoTANBgkqhkiG9w0BAQQFAAOBgQB1W6ibAxHm6VZM zfmpTMANmvPMZWnmJXbMWbfWVMMdzZmsGd20hdXgPfxiIKeES1hl8eL5lSE/9dR+ WB5Hh1Q+WKG1tfgq73HnvMP2sUlG4tega+VWeponmHxGYhTnyfxuAxJ5gDgdSIKN /Bf+KpYrtWKmpj29f5JZzVoqgrI3eQ== -----END CERTIFICATE----- # Issuer: O=Equifax Secure OU=Equifax Secure eBusiness CA-2 # Subject: O=Equifax Secure OU=Equifax Secure eBusiness CA-2 # Label: "Equifax Secure eBusiness CA 2" # Serial: 930140085 # MD5 Fingerprint: aa:bf:bf:64:97:da:98:1d:6f:c6:08:3a:95:70:33:ca # SHA1 Fingerprint: 39:4f:f6:85:0b:06:be:52:e5:18:56:cc:10:e1:80:e8:82:b3:85:cc # SHA256 Fingerprint: 2f:27:4e:48:ab:a4:ac:7b:76:59:33:10:17:75:50:6d:c3:0e:e3:8e:f6:ac:d5:c0:49:32:cf:e0:41:23:42:20 -----BEGIN CERTIFICATE----- MIIDIDCCAomgAwIBAgIEN3DPtTANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV UzEXMBUGA1UEChMORXF1aWZheCBTZWN1cmUxJjAkBgNVBAsTHUVxdWlmYXggU2Vj dXJlIGVCdXNpbmVzcyBDQS0yMB4XDTk5MDYyMzEyMTQ0NVoXDTE5MDYyMzEyMTQ0 NVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkVxdWlmYXggU2VjdXJlMSYwJAYD VQQLEx1FcXVpZmF4IFNlY3VyZSBlQnVzaW5lc3MgQ0EtMjCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEA5Dk5kx5SBhsoNviyoynF7Y6yEb3+6+e0dMKP/wXn2Z0G vxLIPw7y1tEkshHe0XMJitSxLJgJDR5QRrKDpkWNYmi7hRsgcDKqQM2mll/EcTc/ BPO3QSQ5BxoeLmFYoBIL5aXfxavqN3HMHMg3OrmXUqesxWoklE6ce8/AatbfIb0C AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEX MBUGA1UEChMORXF1aWZheCBTZWN1cmUxJjAkBgNVBAsTHUVxdWlmYXggU2VjdXJl IGVCdXNpbmVzcyBDQS0yMQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTkw NjIzMTIxNDQ1WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUUJ4L6q9euSBIplBq y/3YIHqngnYwHQYDVR0OBBYEFFCeC+qvXrkgSKZQasv92CB6p4J2MAwGA1UdEwQF MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA A4GBAAyGgq3oThr1jokn4jVYPSm0B482UJW/bsGe68SQsoWou7dC4A8HOd/7npCy 0cE+U58DRLB+S/Rv5Hwf5+Kx5Lia78O9zt4LMjTZ3ijtM2vE1Nc9ElirfQkty3D1 E4qUoSek1nDFbZS1yX2doNLGCEnZZpum0/QL3MUmV+GRMOrN -----END CERTIFICATE----- # Issuer: CN=AddTrust Class 1 CA Root O=AddTrust AB OU=AddTrust TTP Network # Subject: CN=AddTrust Class 1 CA Root O=AddTrust AB OU=AddTrust TTP Network # Label: "AddTrust Low-Value Services Root" # Serial: 1 # MD5 Fingerprint: 1e:42:95:02:33:92:6b:b9:5f:c0:7f:da:d6:b2:4b:fc # SHA1 Fingerprint: cc:ab:0e:a0:4c:23:01:d6:69:7b:dd:37:9f:cd:12:eb:24:e3:94:9d # SHA256 Fingerprint: 8c:72:09:27:9a:c0:4e:27:5e:16:d0:7f:d3:b7:75:e8:01:54:b5:96:80:46:e3:1f:52:dd:25:76:63:24:e9:a7 -----BEGIN CERTIFICATE----- MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC +Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X 7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz 43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= -----END CERTIFICATE----- # Issuer: CN=AddTrust External CA Root O=AddTrust AB OU=AddTrust External TTP Network # Subject: CN=AddTrust External CA Root O=AddTrust AB OU=AddTrust External TTP Network # Label: "AddTrust External Root" # Serial: 1 # MD5 Fingerprint: 1d:35:54:04:85:78:b0:3f:42:42:4d:bf:20:73:0a:3f # SHA1 Fingerprint: 02:fa:f3:e2:91:43:54:68:60:78:57:69:4d:f5:e4:5b:68:85:18:68 # SHA256 Fingerprint: 68:7f:a4:51:38:22:78:ff:f0:c8:b1:1f:8d:43:d5:76:67:1c:6e:b2:bc:ea:b4:13:fb:83:d9:65:d0:6d:2f:f2 -----BEGIN CERTIFICATE----- MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE----- # Issuer: CN=AddTrust Public CA Root O=AddTrust AB OU=AddTrust TTP Network # Subject: CN=AddTrust Public CA Root O=AddTrust AB OU=AddTrust TTP Network # Label: "AddTrust Public Services Root" # Serial: 1 # MD5 Fingerprint: c1:62:3e:23:c5:82:73:9c:03:59:4b:2b:e9:77:49:7f # SHA1 Fingerprint: 2a:b6:28:48:5e:78:fb:f3:ad:9e:79:10:dd:6b:df:99:72:2c:96:e5 # SHA256 Fingerprint: 07:91:ca:07:49:b2:07:82:aa:d3:c7:d7:bd:0c:df:c9:48:58:35:84:3e:b2:d7:99:60:09:ce:43:ab:6c:69:27 -----BEGIN CERTIFICATE----- MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 b3JrMSAwHgYDVQQDExdBZGRUcnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAx MDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtB ZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIDAeBgNV BAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV 6tsfSlbunyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nX GCwwfQ56HmIexkvA/X1id9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnP dzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSGAa2Il+tmzV7R/9x98oTaunet3IAIx6eH 1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAwHM+A+WD+eeSI8t0A65RF 62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0GA1UdDgQW BBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUw AwEB/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDEL MAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU cnVzdCBUVFAgTmV0d29yazEgMB4GA1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJv b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4JNojVhaTdt02KLmuG7jD8WS6 IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL+YPoRNWyQSW/ iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh 4SINhwBk/ox9Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQm XiLsks3/QppEIW1cxeMiHV9HEufOX1362KqxMy3ZdvJOOjMMK7MtkAY= -----END CERTIFICATE----- # Issuer: CN=AddTrust Qualified CA Root O=AddTrust AB OU=AddTrust TTP Network # Subject: CN=AddTrust Qualified CA Root O=AddTrust AB OU=AddTrust TTP Network # Label: "AddTrust Qualified Certificates Root" # Serial: 1 # MD5 Fingerprint: 27:ec:39:47:cd:da:5a:af:e2:9a:01:65:21:a9:4c:bb # SHA1 Fingerprint: 4d:23:78:ec:91:95:39:b5:00:7f:75:8f:03:3b:21:1e:c5:4d:8b:cf # SHA256 Fingerprint: 80:95:21:08:05:db:4b:bc:35:5e:44:28:d8:fd:6e:c2:cd:e3:ab:5f:b9:7a:99:42:98:8e:b8:f4:dc:d0:60:16 -----BEGIN CERTIFICATE----- MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1 MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQwEgYDVQQK EwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwq xBb/4Oxx64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G 87B4pfYOQnrjfxvM0PC3KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i 2O+tCBGaKZnhqkRFmhJePp1tUvznoD1oL/BLcHwTOK28FSXx1s6rosAx1i+f4P8U WfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GRwVY18BTcZTYJbqukB8c1 0cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HUMIHRMB0G A1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0T AQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQL ExRBZGRUcnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlm aWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTv hsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlm hpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3 P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9Y iQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5no xqE= -----END CERTIFICATE----- # Issuer: CN=Entrust Root Certification Authority O=Entrust, Inc. OU=www.entrust.net/CPS is incorporated by reference/(c) 2006 Entrust, Inc. # Subject: CN=Entrust Root Certification Authority O=Entrust, Inc. OU=www.entrust.net/CPS is incorporated by reference/(c) 2006 Entrust, Inc. # Label: "Entrust Root Certification Authority" # Serial: 1164660820 # MD5 Fingerprint: d6:a5:c3:ed:5d:dd:3e:00:c1:3d:87:92:1f:1d:3f:e4 # SHA1 Fingerprint: b3:1e:b1:b7:40:e3:6c:84:02:da:dc:37:d4:4d:f5:d4:67:49:52:f9 # SHA256 Fingerprint: 73:c1:76:43:4f:1b:c6:d5:ad:f4:5b:0e:76:e7:27:28:7c:8d:e5:76:16:c1:e6:e6:14:1a:2b:2c:bc:7d:8e:4c -----BEGIN CERTIFICATE----- MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi 94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP 9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m 0vdXcDazv/wor3ElhVsT/h5/WrQ8 -----END CERTIFICATE----- # Issuer: O=RSA Security Inc OU=RSA Security 2048 V3 # Subject: O=RSA Security Inc OU=RSA Security 2048 V3 # Label: "RSA Security 2048 v3" # Serial: 13297492616345471454730593562152402946 # MD5 Fingerprint: 77:0d:19:b1:21:fd:00:42:9c:3e:0c:a5:dd:0b:02:8e # SHA1 Fingerprint: 25:01:90:19:cf:fb:d9:99:1c:b7:68:25:74:8d:94:5f:30:93:95:42 # SHA256 Fingerprint: af:8b:67:62:a1:e5:28:22:81:61:a9:5d:5c:55:9e:e2:66:27:8f:75:d7:9e:83:01:89:a5:03:50:6a:bd:6b:4c -----BEGIN CERTIFICATE----- MIIDYTCCAkmgAwIBAgIQCgEBAQAAAnwAAAAKAAAAAjANBgkqhkiG9w0BAQUFADA6 MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJp dHkgMjA0OCBWMzAeFw0wMTAyMjIyMDM5MjNaFw0yNjAyMjIyMDM5MjNaMDoxGTAX BgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJTQSBTZWN1cml0eSAy MDQ4IFYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt49VcdKA3Xtp eafwGFAyPGJn9gqVB93mG/Oe2dJBVGutn3y+Gc37RqtBaB4Y6lXIL5F4iSj7Jylg /9+PjDvJSZu1pJTOAeo+tWN7fyb9Gd3AIb2E0S1PRsNO3Ng3OTsor8udGuorryGl wSMiuLgbWhOHV4PR8CDn6E8jQrAApX2J6elhc5SYcSa8LWrg903w8bYqODGBDSnh AMFRD0xS+ARaqn1y07iHKrtjEAMqs6FPDVpeRrc9DvV07Jmf+T0kgYim3WBU6JU2 PcYJk5qjEoAAVZkZR73QpXzDuvsf9/UP+Ky5tfQ3mBMY3oVbtwyCO4dvlTlYMNpu AWgXIszACwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB BjAfBgNVHSMEGDAWgBQHw1EwpKrpRa41JPr/JCwz0LGdjDAdBgNVHQ4EFgQUB8NR MKSq6UWuNST6/yQsM9CxnYwwDQYJKoZIhvcNAQEFBQADggEBAF8+hnZuuDU8TjYc HnmYv/3VEhF5Ug7uMYm83X/50cYVIeiKAVQNOvtUudZj1LGqlk2iQk3UUx+LEN5/ Zb5gEydxiKRz44Rj0aRV4VCT5hsOedBnvEbIvz8XDZXmxpBp3ue0L96VfdASPz0+ f00/FGj1EVDVwfSQpQgdMWD/YIwjVAqv/qFuxdF6Kmh4zx6CCiC0H63lhbJqaHVO rSU3lIW+vaHU6rcMSzyd6BIA8F+sDeGscGNz9395nzIlQnQFgCi/vcEkllgVsRch 6YlL2weIZ/QVrXA+L02FO8K32/6YaCOJ4XQP3vTFhGMpG8zLB8kApKnXwiJPZ9d3 7CAFYd4= -----END CERTIFICATE----- # Issuer: CN=GeoTrust Global CA O=GeoTrust Inc. # Subject: CN=GeoTrust Global CA O=GeoTrust Inc. # Label: "GeoTrust Global CA" # Serial: 144470 # MD5 Fingerprint: f7:75:ab:29:fb:51:4e:b7:77:5e:ff:05:3c:99:8e:f5 # SHA1 Fingerprint: de:28:f4:a4:ff:e5:b9:2f:a3:c5:03:d1:a3:49:a7:f9:96:2a:82:12 # SHA256 Fingerprint: ff:85:6a:2d:25:1d:cd:88:d3:66:56:f4:50:12:67:98:cf:ab:aa:de:40:79:9c:72:2d:e4:d2:b5:db:36:a7:3a -----BEGIN CERTIFICATE----- MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU 1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV 5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== -----END CERTIFICATE----- # Issuer: CN=GeoTrust Global CA 2 O=GeoTrust Inc. # Subject: CN=GeoTrust Global CA 2 O=GeoTrust Inc. # Label: "GeoTrust Global CA 2" # Serial: 1 # MD5 Fingerprint: 0e:40:a7:6c:de:03:5d:8f:d1:0f:e4:d1:8d:f9:6c:a9 # SHA1 Fingerprint: a9:e9:78:08:14:37:58:88:f2:05:19:b0:6d:2b:0d:2b:60:16:90:7d # SHA256 Fingerprint: ca:2d:82:a0:86:77:07:2f:8a:b6:76:4f:f0:35:67:6c:fe:3e:5e:32:5e:01:21:72:df:3f:92:09:6d:b7:9b:85 -----BEGIN CERTIFICATE----- MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEW MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFs IENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQG EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg R2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvPE1A PRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/NTL8 Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hL TytCOb1kLUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL 5mkWRxHCJ1kDs6ZgwiFAVvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7 S4wMcoKK+xfNAGw6EzywhIdLFnopsk/bHdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe 2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE FHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNHK266ZUap EBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6td EPx7srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv /NgdRN3ggX+d6YvhZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywN A0ZF66D0f0hExghAzN4bcLUprbqLOzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0 abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkCx1YAzUm5s2x7UwQa4qjJqhIF I8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqFH4z1Ir+rzoPz 4iIprn2DQKi6bA== -----END CERTIFICATE----- # Issuer: CN=GeoTrust Universal CA O=GeoTrust Inc. # Subject: CN=GeoTrust Universal CA O=GeoTrust Inc. # Label: "GeoTrust Universal CA" # Serial: 1 # MD5 Fingerprint: 92:65:58:8b:a2:1a:31:72:73:68:5c:b4:a5:7a:07:48 # SHA1 Fingerprint: e6:21:f3:35:43:79:05:9a:4b:68:30:9d:8a:2f:74:22:15:87:ec:79 # SHA256 Fingerprint: a0:45:9b:9f:63:b2:25:59:f5:fa:5d:4c:6d:b3:f9:f7:2f:f1:93:42:03:35:78:f0:73:bf:1d:1b:46:cb:b9:12 -----BEGIN CERTIFICATE----- MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0 IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8 cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+ nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB /wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG 9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9 ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw= -----END CERTIFICATE----- # Issuer: CN=GeoTrust Universal CA 2 O=GeoTrust Inc. # Subject: CN=GeoTrust Universal CA 2 O=GeoTrust Inc. # Label: "GeoTrust Universal CA 2" # Serial: 1 # MD5 Fingerprint: 34:fc:b8:d0:36:db:9e:14:b3:c2:f2:db:8f:e4:94:c7 # SHA1 Fingerprint: 37:9a:19:7b:41:85:45:35:0c:a6:03:69:f3:3c:2e:af:47:4f:20:79 # SHA256 Fingerprint: a0:23:4f:3b:c8:52:7c:a5:62:8e:ec:81:ad:5d:69:89:5d:a5:68:0d:c9:1d:1c:b8:47:7f:33:f8:78:b9:5b:0b -----BEGIN CERTIFICATE----- MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1 c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81 WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73 y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4 Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m 1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH 6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS -----END CERTIFICATE----- # Issuer: CN=America Online Root Certification Authority 1 O=America Online Inc. # Subject: CN=America Online Root Certification Authority 1 O=America Online Inc. # Label: "America Online Root Certification Authority 1" # Serial: 1 # MD5 Fingerprint: 14:f1:08:ad:9d:fa:64:e2:89:e7:1c:cf:a8:ad:7d:5e # SHA1 Fingerprint: 39:21:c1:15:c1:5d:0e:ca:5c:cb:5b:c4:f0:7d:21:d8:05:0b:56:6a # SHA256 Fingerprint: 77:40:73:12:c6:3a:15:3d:5b:c0:0b:4e:51:75:9c:df:da:c2:37:dc:2a:33:b6:79:46:e9:8e:9b:fa:68:0a:e3 -----BEGIN CERTIFICATE----- MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2 MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lk hsmj76CGv2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym 1BW32J/X3HGrfpq/m44zDyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsW OqMFf6Dch9Wc/HKpoH145LcxVR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb 2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQko O3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUw AwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAU AK3Zo/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB BQUAA4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAb LjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTIdGcL+oir oQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43gKd8hdIaC2y+C MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7 -----END CERTIFICATE----- # Issuer: CN=America Online Root Certification Authority 2 O=America Online Inc. # Subject: CN=America Online Root Certification Authority 2 O=America Online Inc. # Label: "America Online Root Certification Authority 2" # Serial: 1 # MD5 Fingerprint: d6:ed:3c:ca:e2:66:0f:af:10:43:0d:77:9b:04:09:bf # SHA1 Fingerprint: 85:b5:ff:67:9b:0c:79:96:1f:c8:6e:44:22:00:46:13:db:17:92:84 # SHA256 Fingerprint: 7d:3b:46:5a:60:14:e5:26:c0:af:fc:ee:21:27:d2:31:17:27:ad:81:1c:26:84:2d:00:6a:f3:73:06:cc:80:bd -----BEGIN CERTIFICATE----- MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2 MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP ADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC 206B89enfHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFci KtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2 JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9 BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7e Xz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8B PeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67 Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEq Z8A9W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3 +L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGj YzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3OpaaEg5+31IqEj FNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmn xPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2 LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8 CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMe IjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMA DjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2F AjgQ5ANh1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUX Om/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPb AZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQl Zvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw RY8mkaKO/qk= -----END CERTIFICATE----- # Issuer: CN=Visa eCommerce Root O=VISA OU=Visa International Service Association # Subject: CN=Visa eCommerce Root O=VISA OU=Visa International Service Association # Label: "Visa eCommerce Root" # Serial: 25952180776285836048024890241505565794 # MD5 Fingerprint: fc:11:b8:d8:08:93:30:00:6d:23:f9:7e:eb:52:1e:02 # SHA1 Fingerprint: 70:17:9b:86:8c:00:a4:fa:60:91:52:22:3f:9f:3e:32:bd:e0:05:62 # SHA256 Fingerprint: 69:fa:c9:bd:55:fb:0a:c7:8d:53:bb:ee:5c:f1:d5:97:98:9f:d0:aa:ab:20:a2:51:51:bd:f1:73:3e:e7:d1:22 -----BEGIN CERTIFICATE----- MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h 2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq 299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3 LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd 7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw ++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt 398znM/jra6O1I7mT1GvFpLgXPYHDw== -----END CERTIFICATE----- # Issuer: CN=Certum CA O=Unizeto Sp. z o.o. # Subject: CN=Certum CA O=Unizeto Sp. z o.o. # Label: "Certum Root CA" # Serial: 65568 # MD5 Fingerprint: 2c:8f:9f:66:1d:18:90:b1:47:26:9d:8e:86:82:8c:a9 # SHA1 Fingerprint: 62:52:dc:40:f7:11:43:a2:2f:de:9e:f7:34:8e:06:42:51:b1:81:18 # SHA256 Fingerprint: d8:e0:fe:bc:1d:b2:e3:8d:00:94:0f:37:d2:7d:41:34:4d:99:3e:73:4b:99:d5:65:6d:97:78:d4:d8:14:36:24 -----BEGIN CERTIFICATE----- MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7 HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs 6GAqm4VKQPNriiTsBhYscw== -----END CERTIFICATE----- # Issuer: CN=AAA Certificate Services O=Comodo CA Limited # Subject: CN=AAA Certificate Services O=Comodo CA Limited # Label: "Comodo AAA Services root" # Serial: 1 # MD5 Fingerprint: 49:79:04:b0:eb:87:19:ac:47:b0:bc:11:51:9b:74:d0 # SHA1 Fingerprint: d1:eb:23:a4:6d:17:d6:8f:d9:25:64:c2:f1:f1:60:17:64:d8:e3:49 # SHA256 Fingerprint: d7:a7:a0:fb:5d:7e:27:31:d7:71:e9:48:4e:bc:de:f7:1d:5f:0c:3e:0a:29:48:78:2b:c8:3e:e0:ea:69:9e:f4 -----BEGIN CERTIFICATE----- MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe 3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== -----END CERTIFICATE----- # Issuer: CN=Secure Certificate Services O=Comodo CA Limited # Subject: CN=Secure Certificate Services O=Comodo CA Limited # Label: "Comodo Secure Services root" # Serial: 1 # MD5 Fingerprint: d3:d9:bd:ae:9f:ac:67:24:b3:c8:1b:52:e1:b9:a9:bd # SHA1 Fingerprint: 4a:65:d5:f4:1d:ef:39:b8:b8:90:4a:4a:d3:64:81:33:cf:c7:a1:d1 # SHA256 Fingerprint: bd:81:ce:3b:4f:65:91:d1:1a:67:b5:fc:7a:47:fd:ef:25:52:1b:f9:aa:4e:18:b9:e3:df:2e:34:a7:80:3b:e8 -----BEGIN CERTIFICATE----- MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEb MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRp ZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVow fjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAiBgNV BAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPM cm3ye5drswfxdySRXyWP9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3S HpR7LZQdqnXXs5jLrLxkU0C8j6ysNstcrbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996 CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rCoznl2yY4rYsK7hljxxwk 3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3Vp6ea5EQz 6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNV HQ4EFgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1Ud EwEB/wQFMAMBAf8wgYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2Rv Y2EuY29tL1NlY3VyZUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRw Oi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmww DQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm4J4oqF7Tt/Q0 5qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtI gKvcnDe4IRRLDXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJ aD61JlfutuC23bkpgHl9j6PwpCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDl izeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1HRR3B7Hzs/Sk= -----END CERTIFICATE----- # Issuer: CN=Trusted Certificate Services O=Comodo CA Limited # Subject: CN=Trusted Certificate Services O=Comodo CA Limited # Label: "Comodo Trusted Services root" # Serial: 1 # MD5 Fingerprint: 91:1b:3f:6e:cd:9e:ab:ee:07:fe:1f:71:d2:b3:61:27 # SHA1 Fingerprint: e1:9f:e3:0e:8b:84:60:9e:80:9b:17:0d:72:a8:c5:ba:6e:14:09:bd # SHA256 Fingerprint: 3f:06:e5:56:81:d4:96:f5:be:16:9e:b5:38:9f:9f:2b:8f:f6:1e:17:08:df:68:81:72:48:49:cd:5d:27:cb:69 -----BEGIN CERTIFICATE----- MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEb MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0 aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0yODEyMzEyMzU5NTla MH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO BgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUwIwYD VQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWW fnJSoBVC21ndZHoa0Lh73TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMt TGo87IvDktJTdyR0nAducPy9C1t2ul/y/9c3S0pgePfw+spwtOpZqqPOSC+pw7IL fhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6juljatEPmsbS9Is6FARW 1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsSivnkBbA7 kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0G A1UdDgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYD VR0TAQH/BAUwAwEB/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21v ZG9jYS5jb20vVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRo dHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMu Y3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8NtwuleGFTQQuS9/ HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32 pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxIS jBc/lDb+XbDABHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+ xqFx7D+gIIxmOom0jtTYsU0lR+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/Atyjcn dBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O9y5Xt5hwXsjEeLBi -----END CERTIFICATE----- # Issuer: CN=QuoVadis Root Certification Authority O=QuoVadis Limited OU=Root Certification Authority # Subject: CN=QuoVadis Root Certification Authority O=QuoVadis Limited OU=Root Certification Authority # Label: "QuoVadis Root CA" # Serial: 985026699 # MD5 Fingerprint: 27:de:36:fe:72:b7:00:03:00:9d:f4:f0:1e:6c:04:24 # SHA1 Fingerprint: de:3f:40:bd:50:93:d3:9b:6c:60:f6:da:bc:07:62:01:00:89:76:c9 # SHA256 Fingerprint: a4:5e:de:3b:bb:f0:9c:8a:e1:5c:72:ef:c0:72:68:d6:93:a2:1c:99:6f:d5:1e:67:ca:07:94:60:fd:6d:88:73 -----BEGIN CERTIFICATE----- MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK SnQ2+Q== -----END CERTIFICATE----- # Issuer: CN=QuoVadis Root CA 2 O=QuoVadis Limited # Subject: CN=QuoVadis Root CA 2 O=QuoVadis Limited # Label: "QuoVadis Root CA 2" # Serial: 1289 # MD5 Fingerprint: 5e:39:7b:dd:f8:ba:ec:82:e9:ac:62:ba:0c:54:00:2b # SHA1 Fingerprint: ca:3a:fb:cf:12:40:36:4b:44:b2:16:20:88:80:48:39:19:93:7c:f7 # SHA256 Fingerprint: 85:a0:dd:7d:d7:20:ad:b7:ff:05:f8:3d:54:2b:20:9d:c7:ff:45:28:f7:d6:77:b1:83:89:fe:a5:e5:c4:9e:86 -----BEGIN CERTIFICATE----- MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp +ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og /zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y 4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza 8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u -----END CERTIFICATE----- # Issuer: CN=QuoVadis Root CA 3 O=QuoVadis Limited # Subject: CN=QuoVadis Root CA 3 O=QuoVadis Limited # Label: "QuoVadis Root CA 3" # Serial: 1478 # MD5 Fingerprint: 31:85:3c:62:94:97:63:b9:aa:fd:89:4e:af:6f:e0:cf # SHA1 Fingerprint: 1f:49:14:f7:d8:74:95:1d:dd:ae:02:c0:be:fd:3a:2d:82:75:51:85 # SHA256 Fingerprint: 18:f1:fc:7f:20:5d:f8:ad:dd:eb:7f:e0:07:dd:57:e3:af:37:5a:9c:4d:8d:73:54:6b:f4:f1:fe:d1:e1:8d:35 -----BEGIN CERTIFICATE----- MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB 4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd 8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A 4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd +LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B 4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK 4SVhM7JZG+Ju1zdXtg2pEto= -----END CERTIFICATE----- # Issuer: O=SECOM Trust.net OU=Security Communication RootCA1 # Subject: O=SECOM Trust.net OU=Security Communication RootCA1 # Label: "Security Communication Root CA" # Serial: 0 # MD5 Fingerprint: f1:bc:63:6a:54:e0:b5:27:f5:cd:e7:1a:e3:4d:6e:4a # SHA1 Fingerprint: 36:b1:2b:49:f9:81:9e:d7:4c:9e:bc:38:0f:c6:56:8f:5d:ac:b2:f7 # SHA256 Fingerprint: e7:5e:72:ed:9f:56:0e:ec:6e:b4:80:00:73:a4:3f:c3:ad:19:19:5a:39:22:82:01:78:95:97:4a:99:02:6b:6c -----BEGIN CERTIFICATE----- MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== -----END CERTIFICATE----- # Issuer: CN=Sonera Class2 CA O=Sonera # Subject: CN=Sonera Class2 CA O=Sonera # Label: "Sonera Class 2 Root CA" # Serial: 29 # MD5 Fingerprint: a3:ec:75:0f:2e:88:df:fa:48:01:4e:0b:5c:48:6f:fb # SHA1 Fingerprint: 37:f7:6d:e6:07:7c:90:c5:b1:3e:93:1a:b7:41:10:b4:f2:e4:9a:27 # SHA256 Fingerprint: 79:08:b4:03:14:c1:38:10:0b:51:8d:07:35:80:7f:fb:fc:f8:51:8a:00:95:33:71:05:ba:38:6b:15:3d:d9:27 -----BEGIN CERTIFICATE----- MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt 5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s 3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu 8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ 3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M -----END CERTIFICATE----- # Issuer: CN=Staat der Nederlanden Root CA O=Staat der Nederlanden # Subject: CN=Staat der Nederlanden Root CA O=Staat der Nederlanden # Label: "Staat der Nederlanden Root CA" # Serial: 10000010 # MD5 Fingerprint: 60:84:7c:5a:ce:db:0c:d4:cb:a7:e9:fe:02:c6:a9:c0 # SHA1 Fingerprint: 10:1d:fa:3f:d5:0b:cb:bb:9b:b5:60:0c:19:55:a4:1a:f4:73:3a:04 # SHA256 Fingerprint: d4:1d:82:9e:8c:16:59:82:2a:f9:3f:ce:62:bf:fc:de:26:4f:c8:4e:8b:95:0c:5f:f2:75:d0:52:35:46:95:a3 -----BEGIN CERTIFICATE----- MIIDujCCAqKgAwIBAgIEAJiWijANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJO TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQDEx1TdGFh dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQTAeFw0wMjEyMTcwOTIzNDlaFw0xNTEy MTYwOTE1MzhaMFUxCzAJBgNVBAYTAk5MMR4wHAYDVQQKExVTdGFhdCBkZXIgTmVk ZXJsYW5kZW4xJjAkBgNVBAMTHVN0YWF0IGRlciBOZWRlcmxhbmRlbiBSb290IENB MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNK1URF6gaYUmHFtvszn ExvWJw56s2oYHLZhWtVhCb/ekBPHZ+7d89rFDBKeNVU+LCeIQGv33N0iYfXCxw71 9tV2U02PjLwYdjeFnejKScfST5gTCaI+Ioicf9byEGW07l8Y1Rfj+MX94p2i71MO hXeiD+EwR+4A5zN9RGcaC1Hoi6CeUJhoNFIfLm0B8mBF8jHrqTFoKbt6QZ7GGX+U tFE5A3+y3qcym7RHjm+0Sq7lr7HcsBthvJly3uSJt3omXdozSVtSnA71iq3DuD3o BmrC1SoLbHuEvVYFy4ZlkuxEK7COudxwC0barbxjiDn622r+I/q85Ej0ZytqERAh SQIDAQABo4GRMIGOMAwGA1UdEwQFMAMBAf8wTwYDVR0gBEgwRjBEBgRVHSAAMDww OgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cucGtpb3ZlcmhlaWQubmwvcG9saWNpZXMv cm9vdC1wb2xpY3kwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSofeu8Y6R0E3QA 7Jbg0zTBLL9s+DANBgkqhkiG9w0BAQUFAAOCAQEABYSHVXQ2YcG70dTGFagTtJ+k /rvuFbQvBgwp8qiSpGEN/KtcCFtREytNwiphyPgJWPwtArI5fZlmgb9uXJVFIGzm eafR2Bwp/MIgJ1HI8XxdNGdphREwxgDS1/PTfLbwMVcoEoJz6TMvplW0C5GUR5z6 u3pCMuiufi3IvKwUv9kP2Vv8wfl6leF9fpb8cbDCTMjfRTTJzg3ynGQI0DvDKcWy 7ZAEwbEpkcUwb8GpcjPM/l0WFywRaed+/sWDCN+83CI6LiBpIzlWYGeQiy52OfsR iJf2fL1LuCAWZwWN4jvBcj+UlTfHXbme2JOhF4//DGYVwSR8MnwDHTuhWEUykw== -----END CERTIFICATE----- # Issuer: O=TDC Internet OU=TDC Internet Root CA # Subject: O=TDC Internet OU=TDC Internet Root CA # Label: "TDC Internet Root CA" # Serial: 986490188 # MD5 Fingerprint: 91:f4:03:55:20:a1:f8:63:2c:62:de:ac:fb:61:1c:8e # SHA1 Fingerprint: 21:fc:bd:8e:7f:6c:af:05:1b:d1:b3:43:ec:a8:e7:61:47:f2:0f:8a # SHA256 Fingerprint: 48:98:c6:88:8c:0c:ff:b0:d3:e3:1a:ca:8a:37:d4:e3:51:5f:f7:46:d0:26:35:d8:66:46:cf:a0:a3:18:5a:e7 -----BEGIN CERTIFICATE----- MIIEKzCCAxOgAwIBAgIEOsylTDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJE SzEVMBMGA1UEChMMVERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQg Um9vdCBDQTAeFw0wMTA0MDUxNjMzMTdaFw0yMTA0MDUxNzAzMTdaMEMxCzAJBgNV BAYTAkRLMRUwEwYDVQQKEwxUREMgSW50ZXJuZXQxHTAbBgNVBAsTFFREQyBJbnRl cm5ldCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLhA vJHVYx/XmaCLDEAedLdInUaMArLgJF/wGROnN4NrXceO+YQwzho7+vvOi20jxsNu Zp+Jpd/gQlBn+h9sHvTQBda/ytZO5GhgbEaqHF1j4QeGDmUApy6mcca8uYGoOn0a 0vnRrEvLznWv3Hv6gXPU/Lq9QYjUdLP5Xjg6PEOo0pVOd20TDJ2PeAG3WiAfAzc1 4izbSysseLlJ28TQx5yc5IogCSEWVmb/Bexb4/DPqyQkXsN/cHoSxNK1EKC2IeGN eGlVRGn1ypYcNIUXJXfi9i8nmHj9eQY6otZaQ8H/7AQ77hPv01ha/5Lr7K7a8jcD R0G2l8ktCkEiu7vmpwIDAQABo4IBJTCCASEwEQYJYIZIAYb4QgEBBAQDAgAHMGUG A1UdHwReMFwwWqBYoFakVDBSMQswCQYDVQQGEwJESzEVMBMGA1UEChMMVERDIElu dGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQgUm9vdCBDQTENMAsGA1UEAxME Q1JMMTArBgNVHRAEJDAigA8yMDAxMDQwNTE2MzMxN1qBDzIwMjEwNDA1MTcwMzE3 WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUbGQBx/2FbazI2p5QCIUItTxWqFAw HQYDVR0OBBYEFGxkAcf9hW2syNqeUAiFCLU8VqhQMAwGA1UdEwQFMAMBAf8wHQYJ KoZIhvZ9B0EABBAwDhsIVjUuMDo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQBO Q8zR3R0QGwZ/t6T609lN+yOfI1Rb5osvBCiLtSdtiaHsmGnc540mgwV5dOy0uaOX wTUA/RXaOYE6lTGQ3pfphqiZdwzlWqCE/xIWrG64jcN7ksKsLtB9KOy282A4aW8+ 2ARVPp7MVdK6/rtHBNcK2RYKNCn1WBPVT8+PVkuzHu7TmHnaCB4Mb7j4Fifvwm89 9qNLPg7kbWzbO0ESm70NRyN/PErQr8Cv9u8btRXE64PECV90i9kR+8JWsTz4cMo0 jUNAE4z9mQNUecYu6oah9jrUCbz0vGbMPVjQV0kK7iXiQe4T+Zs4NNEA9X7nlB38 aQNiuJkFBT1reBK9sG9l -----END CERTIFICATE----- # Issuer: CN=UTN - DATACorp SGC O=The USERTRUST Network OU=http://www.usertrust.com # Subject: CN=UTN - DATACorp SGC O=The USERTRUST Network OU=http://www.usertrust.com # Label: "UTN DATACorp SGC Root CA" # Serial: 91374294542884689855167577680241077609 # MD5 Fingerprint: b3:a5:3e:77:21:6d:ac:4a:c0:c9:fb:d5:41:3d:ca:06 # SHA1 Fingerprint: 58:11:9f:0e:12:82:87:ea:50:fd:d9:87:45:6f:4f:78:dc:fa:d6:d4 # SHA256 Fingerprint: 85:fb:2f:91:dd:12:27:5a:01:45:b6:36:53:4f:84:02:4a:d6:8b:69:b8:ee:88:68:4f:f7:11:37:58:05:b3:48 -----BEGIN CERTIFICATE----- MIIEXjCCA0agAwIBAgIQRL4Mi1AAIbQR0ypoBqmtaTANBgkqhkiG9w0BAQUFADCB kzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZBgNVBAMTElVUTiAtIERBVEFDb3Jw IFNHQzAeFw05OTA2MjQxODU3MjFaFw0xOTA2MjQxOTA2MzBaMIGTMQswCQYDVQQG EwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYD VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cu dXNlcnRydXN0LmNvbTEbMBkGA1UEAxMSVVROIC0gREFUQUNvcnAgU0dDMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+5YEKIrblXEjr8uRgnn4AgPLit6 E5Qbvfa2gI5lBZMAHryv4g+OGQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZ D0/Ww5y0vpQZY/KmEQrrU0icvvIpOxboGqBMpsn0GFlowHDyUwDAXlCCpVZvNvlK 4ESGoE1O1kduSUrLZ9emxAW5jh70/P/N5zbgnAVssjMiFdC04MwXwLLA9P4yPykq lXvY8qdOD1R8oQ2AswkDwf9c3V6aPryuvEeKaq5xyh+xKrhfQgUL7EYw0XILyulW bfXv33i+Ybqypa4ETLyorGkVl73v67SMvzX41MPRKA5cOp9wGDMgd8SirwIDAQAB o4GrMIGoMAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRT MtGzz3/64PGgXYVOktKeRR20TzA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3Js LnVzZXJ0cnVzdC5jb20vVVROLURBVEFDb3JwU0dDLmNybDAqBgNVHSUEIzAhBggr BgEFBQcDAQYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GCSqGSIb3DQEBBQUAA4IB AQAnNZcAiosovcYzMB4p/OL31ZjUQLtgyr+rFywJNn9Q+kHcrpY6CiM+iVnJowft Gzet/Hy+UUla3joKVAgWRcKZsYfNjGjgaQPpxE6YsjuMFrMOoAyYUJuTqXAJyCyj j98C5OBxOvG0I3KgqgHf35g+FFCgMSa9KOlaMCZ1+XtgHI3zzVAmbQQnmt/VDUVH KWss5nbZqSl9Mt3JNjy9rjXxEZ4du5A/EkdOjtd+D2JzHVImOBwYSf0wdJrE5SIv 2MCN7ZF6TACPcn9d2t0bi0Vr591pl6jFVkwPDPafepE39peC4N1xaf92P2BNPM/3 mfnGV/TJVTl4uix5yaaIK/QI -----END CERTIFICATE----- # Issuer: CN=UTN-USERFirst-Hardware O=The USERTRUST Network OU=http://www.usertrust.com # Subject: CN=UTN-USERFirst-Hardware O=The USERTRUST Network OU=http://www.usertrust.com # Label: "UTN USERFirst Hardware Root CA" # Serial: 91374294542884704022267039221184531197 # MD5 Fingerprint: 4c:56:41:e5:0d:bb:2b:e8:ca:a3:ed:18:08:ad:43:39 # SHA1 Fingerprint: 04:83:ed:33:99:ac:36:08:05:87:22:ed:bc:5e:46:00:e3:be:f9:d7 # SHA256 Fingerprint: 6e:a5:47:41:d0:04:66:7e:ed:1b:48:16:63:4a:a3:a7:9e:6e:4b:96:95:0f:82:79:da:fc:8d:9b:d8:81:21:37 -----BEGIN CERTIFICATE----- MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn 0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0 dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM //bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t 3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA== -----END CERTIFICATE----- # Issuer: CN=Chambers of Commerce Root O=AC Camerfirma SA CIF A82743287 OU=http://www.chambersign.org # Subject: CN=Chambers of Commerce Root O=AC Camerfirma SA CIF A82743287 OU=http://www.chambersign.org # Label: "Camerfirma Chambers of Commerce Root" # Serial: 0 # MD5 Fingerprint: b0:01:ee:14:d9:af:29:18:94:76:8e:f1:69:33:2a:84 # SHA1 Fingerprint: 6e:3a:55:a4:19:0c:19:5c:93:84:3c:c0:db:72:2e:31:30:61:f0:b1 # SHA256 Fingerprint: 0c:25:8a:12:a5:67:4a:ef:25:f2:8b:a7:dc:fa:ec:ee:a3:48:e5:41:e6:f5:cc:4e:e6:3b:71:b3:61:60:6a:c3 -----BEGIN CERTIFICATE----- MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq 7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p 26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi 1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu tGWaIZDgqtCYvDi1czyL+Nw= -----END CERTIFICATE----- # Issuer: CN=Global Chambersign Root O=AC Camerfirma SA CIF A82743287 OU=http://www.chambersign.org # Subject: CN=Global Chambersign Root O=AC Camerfirma SA CIF A82743287 OU=http://www.chambersign.org # Label: "Camerfirma Global Chambersign Root" # Serial: 0 # MD5 Fingerprint: c5:e6:7b:bf:06:d0:4f:43:ed:c4:7a:65:8a:fb:6b:19 # SHA1 Fingerprint: 33:9b:6b:14:50:24:9b:55:7a:01:87:72:84:d9:e0:2f:c3:d2:d8:e9 # SHA256 Fingerprint: ef:3c:b4:17:fc:8e:bf:6f:97:87:6c:9e:4e:ce:39:de:1e:a5:fe:64:91:41:d1:02:8b:7d:11:c0:b2:29:8c:ed -----BEGIN CERTIFICATE----- MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9 MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0 Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795 B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/ AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== -----END CERTIFICATE----- # Issuer: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado O=NetLock Halozatbiztonsagi Kft. OU=Tanusitvanykiadok # Subject: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado O=NetLock Halozatbiztonsagi Kft. OU=Tanusitvanykiadok # Label: "NetLock Notary (Class A) Root" # Serial: 259 # MD5 Fingerprint: 86:38:6d:5e:49:63:6c:85:5c:db:6d:dc:94:b7:d0:f7 # SHA1 Fingerprint: ac:ed:5f:65:53:fd:25:ce:01:5f:1f:7a:48:3b:6a:74:9f:61:78:c6 # SHA256 Fingerprint: 7f:12:cd:5f:7e:5e:29:0e:c7:d8:51:79:d5:b7:2c:20:a5:be:75:08:ff:db:5b:f8:1a:b9:68:4a:7f:c9:f6:67 -----BEGIN CERTIFICATE----- MIIGfTCCBWWgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwga8xCzAJBgNVBAYTAkhV MRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMe TmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0 dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5em9pIChDbGFzcyBB KSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNDIzMTQ0N1oXDTE5MDIxOTIzMTQ0 N1owga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhC dWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQu MRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBL b3pqZWd5em9pIChDbGFzcyBBKSBUYW51c2l0dmFueWtpYWRvMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHSMD7tM9DceqQWC2ObhbHDqeLVu0ThEDaiD zl3S1tWBxdRL51uUcCbbO51qTGL3cfNk1mE7PetzozfZz+qMkjvN9wfcZnSX9EUi 3fRc4L9t875lM+QVOr/bmJBVOMTtplVjC7B4BPTjbsE/jvxReB+SnoPC/tmwqcm8 WgD/qaiYdPv2LD4VOQ22BFWoDpggQrOxJa1+mm9dU7GrDPzr4PN6s6iz/0b2Y6LY Oph7tqyF/7AlT3Rj5xMHpQqPBffAZG9+pyeAlt7ULoZgx2srXnN7F+eRP2QM2Esi NCubMvJIH5+hCoR64sKtlz2O1cH5VqNQ6ca0+pii7pXmKgOM3wIDAQABo4ICnzCC ApswDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB/wQIMAYBAf8CAQQwEQYJYIZIAYb4 QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1GSUdZRUxFTSEgRXplbiB0 YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pvbGdhbHRhdGFz aSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFwamFuIGtlc3p1bHQu IEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExvY2sgS2Z0LiB0ZXJtZWtm ZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEgZGlnaXRhbGlzIGFsYWlyYXMg ZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVs amFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJhc2EgbWVndGFsYWxoYXRv IGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGphbiBhIGh0dHBzOi8vd3d3 Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVub3J6 ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1 YW5jZSBhbmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3Qg dG8gdGhlIE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRs b2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNAbmV0bG9jay5uZXQuMA0G CSqGSIb3DQEBBAUAA4IBAQBIJEb3ulZv+sgoA0BO5TE5ayZrU3/b39/zcT0mwBQO xmd7I6gMc90Bu8bKbjc5VdXHjFYgDigKDtIqpLBJUsY4B/6+CgmM0ZjPytoUMaFP 0jn8DxEsQ8Pdq5PHVT5HfBgaANzze9jyf1JsIPQLX2lS9O74silg6+NJMSEN1rUQ QeJBCWziGppWS3cC9qCbmieH6FUpccKQn0V4GuEVZD3QDtigdp+uxdAu6tYPVuxk f1qbFFgBJ34TUMdrKuZoPL9coAob4Q566eKAw+np9v1sEZ7Q5SgnK1QyQhSCdeZK 8CtmdWOMovsEPoMOmzbwGOQmIMOM8CgHrTwXZoi1/baI -----END CERTIFICATE----- # Issuer: CN=NetLock Uzleti (Class B) Tanusitvanykiado O=NetLock Halozatbiztonsagi Kft. OU=Tanusitvanykiadok # Subject: CN=NetLock Uzleti (Class B) Tanusitvanykiado O=NetLock Halozatbiztonsagi Kft. OU=Tanusitvanykiadok # Label: "NetLock Business (Class B) Root" # Serial: 105 # MD5 Fingerprint: 39:16:aa:b9:6a:41:e1:14:69:df:9e:6c:3b:72:dc:b6 # SHA1 Fingerprint: 87:9f:4b:ee:05:df:98:58:3b:e3:60:d6:33:e7:0d:3f:fe:98:71:af # SHA256 Fingerprint: 39:df:7b:68:2b:7b:93:8f:84:71:54:81:cc:de:8d:60:d8:f2:2e:c5:98:87:7d:0a:aa:c1:2b:59:18:2b:03:12 -----BEGIN CERTIFICATE----- MIIFSzCCBLSgAwIBAgIBaTANBgkqhkiG9w0BAQQFADCBmTELMAkGA1UEBhMCSFUx ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0 b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMTIwMAYDVQQD EylOZXRMb2NrIFV6bGV0aSAoQ2xhc3MgQikgVGFudXNpdHZhbnlraWFkbzAeFw05 OTAyMjUxNDEwMjJaFw0xOTAyMjAxNDEwMjJaMIGZMQswCQYDVQQGEwJIVTERMA8G A1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExvY2sgSGFsb3phdGJpenRvbnNh Z2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZhbnlraWFkb2sxMjAwBgNVBAMTKU5l dExvY2sgVXpsZXRpIChDbGFzcyBCKSBUYW51c2l0dmFueWtpYWRvMIGfMA0GCSqG SIb3DQEBAQUAA4GNADCBiQKBgQCx6gTsIKAjwo84YM/HRrPVG/77uZmeBNwcf4xK gZjupNTKihe5In+DCnVMm8Bp2GQ5o+2So/1bXHQawEfKOml2mrriRBf8TKPV/riX iK+IA4kfpPIEPsgHC+b5sy96YhQJRhTKZPWLgLViqNhr1nGTLbO/CVRY7QbrqHvc Q7GhaQIDAQABo4ICnzCCApswEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8E BAMCAAYwEQYJYIZIAYb4QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1G SUdZRUxFTSEgRXplbiB0YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFu b3MgU3pvbGdhbHRhdGFzaSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBh bGFwamFuIGtlc3p1bHQuIEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExv Y2sgS2Z0LiB0ZXJtZWtmZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEgZGln aXRhbGlzIGFsYWlyYXMgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXogZWxvaXJ0 IGVsbGVub3J6ZXNpIGVsamFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJh c2EgbWVndGFsYWxoYXRvIGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGph biBhIGh0dHBzOi8vd3d3Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJo ZXRvIGF6IGVsbGVub3J6ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBP UlRBTlQhIFRoZSBpc3N1YW5jZSBhbmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmlj YXRlIGlzIHN1YmplY3QgdG8gdGhlIE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBo dHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNA bmV0bG9jay5uZXQuMA0GCSqGSIb3DQEBBAUAA4GBAATbrowXr/gOkDFOzT4JwG06 sPgzTEdM43WIEJessDgVkcYplswhwG08pXTP2IKlOcNl40JwuyKQ433bNXbhoLXa n3BukxowOR0w2y7jfLKRstE3Kfq51hdcR0/jHTjrn9V7lagonhVK0dHQKwCXoOKS NitjrFgBazMpUIaD8QFI -----END CERTIFICATE----- # Issuer: CN=NetLock Expressz (Class C) Tanusitvanykiado O=NetLock Halozatbiztonsagi Kft. OU=Tanusitvanykiadok # Subject: CN=NetLock Expressz (Class C) Tanusitvanykiado O=NetLock Halozatbiztonsagi Kft. OU=Tanusitvanykiadok # Label: "NetLock Express (Class C) Root" # Serial: 104 # MD5 Fingerprint: 4f:eb:f1:f0:70:c2:80:63:5d:58:9f:da:12:3c:a9:c4 # SHA1 Fingerprint: e3:92:51:2f:0a:cf:f5:05:df:f6:de:06:7f:75:37:e1:65:ea:57:4b # SHA256 Fingerprint: 0b:5e:ed:4e:84:64:03:cf:55:e0:65:84:84:40:ed:2a:82:75:8b:f5:b9:aa:1f:25:3d:46:13:cf:a0:80:ff:3f -----BEGIN CERTIFICATE----- MIIFTzCCBLigAwIBAgIBaDANBgkqhkiG9w0BAQQFADCBmzELMAkGA1UEBhMCSFUx ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0 b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMTQwMgYDVQQD EytOZXRMb2NrIEV4cHJlc3N6IChDbGFzcyBDKSBUYW51c2l0dmFueWtpYWRvMB4X DTk5MDIyNTE0MDgxMVoXDTE5MDIyMDE0MDgxMVowgZsxCzAJBgNVBAYTAkhVMREw DwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9u c2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE0MDIGA1UEAxMr TmV0TG9jayBFeHByZXNzeiAoQ2xhc3MgQykgVGFudXNpdHZhbnlraWFkbzCBnzAN BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6+ywbGGKIyWvYCDj2Z/8kwvbXY2wobNA OoLO/XXgeDIDhlqGlZHtU/qdQPzm6N3ZW3oDvV3zOwzDUXmbrVWg6dADEK8KuhRC 2VImESLH0iDMgqSaqf64gXadarfSNnU+sYYJ9m5tfk63euyucYT2BDMIJTLrdKwW RMbkQJMdf60CAwEAAaOCAp8wggKbMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0P AQH/BAQDAgAGMBEGCWCGSAGG+EIBAQQEAwIABzCCAmAGCWCGSAGG+EIBDQSCAlEW ggJNRklHWUVMRU0hIEV6ZW4gdGFudXNpdHZhbnkgYSBOZXRMb2NrIEtmdC4gQWx0 YWxhbm9zIFN6b2xnYWx0YXRhc2kgRmVsdGV0ZWxlaWJlbiBsZWlydCBlbGphcmFz b2sgYWxhcGphbiBrZXN6dWx0LiBBIGhpdGVsZXNpdGVzIGZvbHlhbWF0YXQgYSBO ZXRMb2NrIEtmdC4gdGVybWVrZmVsZWxvc3NlZy1iaXp0b3NpdGFzYSB2ZWRpLiBB IGRpZ2l0YWxpcyBhbGFpcmFzIGVsZm9nYWRhc2FuYWsgZmVsdGV0ZWxlIGF6IGVs b2lydCBlbGxlbm9yemVzaSBlbGphcmFzIG1lZ3RldGVsZS4gQXogZWxqYXJhcyBs ZWlyYXNhIG1lZ3RhbGFsaGF0byBhIE5ldExvY2sgS2Z0LiBJbnRlcm5ldCBob25s YXBqYW4gYSBodHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIGNpbWVuIHZhZ3kg a2VyaGV0byBheiBlbGxlbm9yemVzQG5ldGxvY2submV0IGUtbWFpbCBjaW1lbi4g SU1QT1JUQU5UISBUaGUgaXNzdWFuY2UgYW5kIHRoZSB1c2Ugb2YgdGhpcyBjZXJ0 aWZpY2F0ZSBpcyBzdWJqZWN0IHRvIHRoZSBOZXRMb2NrIENQUyBhdmFpbGFibGUg YXQgaHR0cHM6Ly93d3cubmV0bG9jay5uZXQvZG9jcyBvciBieSBlLW1haWwgYXQg Y3BzQG5ldGxvY2submV0LjANBgkqhkiG9w0BAQQFAAOBgQAQrX/XDDKACtiG8XmY ta3UzbM2xJZIwVzNmtkFLp++UOv0JhQQLdRmF/iewSf98e3ke0ugbLWrmldwpu2g pO0u9f38vf5NNwgMvOOWgyL1SRt/Syu0VMGAfJlOHdCM7tCs5ZL6dVb+ZKATj7i4 Fp1hBWeAyNDYpQcCNJgEjTME1A== -----END CERTIFICATE----- # Issuer: CN=XRamp Global Certification Authority O=XRamp Security Services Inc OU=www.xrampsecurity.com # Subject: CN=XRamp Global Certification Authority O=XRamp Security Services Inc OU=www.xrampsecurity.com # Label: "XRamp Global CA Root" # Serial: 107108908803651509692980124233745014957 # MD5 Fingerprint: a1:0b:44:b3:ca:10:d8:00:6e:9d:0f:d8:0f:92:0a:d1 # SHA1 Fingerprint: b8:01:86:d1:eb:9c:86:a5:41:04:cf:30:54:f3:4c:52:b7:e5:58:c6 # SHA256 Fingerprint: ce:cd:dc:90:50:99:d8:da:df:c5:b1:d2:09:b7:37:cb:e2:c1:8c:fb:2c:10:c0:ff:0b:cf:0d:32:86:fc:1a:a2 -----BEGIN CERTIFICATE----- MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ O+7ETPTsJ3xCwnR8gooJybQDJbw= -----END CERTIFICATE----- # Issuer: O=The Go Daddy Group, Inc. OU=Go Daddy Class 2 Certification Authority # Subject: O=The Go Daddy Group, Inc. OU=Go Daddy Class 2 Certification Authority # Label: "Go Daddy Class 2 CA" # Serial: 0 # MD5 Fingerprint: 91:de:06:25:ab:da:fd:32:17:0c:bb:25:17:2a:84:67 # SHA1 Fingerprint: 27:96:ba:e6:3f:18:01:e2:77:26:1b:a0:d7:77:70:02:8f:20:ee:e4 # SHA256 Fingerprint: c3:84:6b:f2:4b:9e:93:ca:64:27:4c:0e:c6:7c:1e:cc:5e:02:4f:fc:ac:d2:d7:40:19:35:0e:81:fe:54:6a:e4 -----BEGIN CERTIFICATE----- MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h /t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf ReYNnyicsbkqWletNw+vHX/bvZ8= -----END CERTIFICATE----- # Issuer: O=Starfield Technologies, Inc. OU=Starfield Class 2 Certification Authority # Subject: O=Starfield Technologies, Inc. OU=Starfield Class 2 Certification Authority # Label: "Starfield Class 2 CA" # Serial: 0 # MD5 Fingerprint: 32:4a:4b:bb:c8:63:69:9b:be:74:9a:c6:dd:1d:46:24 # SHA1 Fingerprint: ad:7e:1c:28:b0:64:ef:8f:60:03:40:20:14:c3:d0:e3:37:0e:b5:8a # SHA256 Fingerprint: 14:65:fa:20:53:97:b8:76:fa:a6:f0:a9:95:8e:55:90:e4:0f:cc:7f:aa:4f:b7:c2:c8:67:75:21:fb:5f:b6:58 -----BEGIN CERTIFICATE----- MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf 8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN +lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA 1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= -----END CERTIFICATE----- # Issuer: CN=StartCom Certification Authority O=StartCom Ltd. OU=Secure Digital Certificate Signing # Subject: CN=StartCom Certification Authority O=StartCom Ltd. OU=Secure Digital Certificate Signing # Label: "StartCom Certification Authority" # Serial: 1 # MD5 Fingerprint: 22:4d:8f:8a:fc:f7:35:c2:bb:57:34:90:7b:8b:22:16 # SHA1 Fingerprint: 3e:2b:f7:f2:03:1b:96:f3:8c:e6:c4:d8:a8:5d:3e:2d:58:47:6a:0f # SHA256 Fingerprint: c7:66:a9:be:f2:d4:07:1c:86:3a:31:aa:49:20:e8:13:b2:d1:98:60:8c:b7:b7:cf:e2:11:43:b8:36:df:09:ea -----BEGIN CERTIFICATE----- MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9 MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w +2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B 26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0 Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ 9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8 jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1 ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14= -----END CERTIFICATE----- # Issuer: O=Government Root Certification Authority # Subject: O=Government Root Certification Authority # Label: "Taiwan GRCA" # Serial: 42023070807708724159991140556527066870 # MD5 Fingerprint: 37:85:44:53:32:45:1f:20:f0:f3:95:e1:25:c4:43:4e # SHA1 Fingerprint: f4:8b:11:bf:de:ab:be:94:54:20:71:e6:41:de:6b:be:88:2b:40:b9 # SHA256 Fingerprint: 76:00:29:5e:ef:e8:5b:9e:1f:d6:24:db:76:06:2a:aa:ae:59:81:8a:54:d2:77:4c:d4:c0:b2:c0:11:31:e1:b3 -----BEGIN CERTIFICATE----- MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/ MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmlj YXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1ow PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB AJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qNw8XR IePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1q gQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKy yhwOeYHWtXBiCAEuTk8O1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAts F/tnyMKtsc2AtJfcdgEWFelq16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2 jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvx ls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FC VGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHK YS1tB6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoH EgKXTiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1Ud DgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkGBGcqBwAE MTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg209yewDL7MTqK UWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyf qzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaK ZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFE JPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7 hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1 EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6Mm nD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WX udpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDe LMDDav7v3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAl pYYsfPQS -----END CERTIFICATE----- # Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 # Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 # Label: "Firmaprofesional Root CA" # Serial: 1 # MD5 Fingerprint: 11:92:79:40:3c:b1:83:40:e5:ab:66:4a:67:92:80:df # SHA1 Fingerprint: a9:62:8f:4b:98:a9:1b:48:35:ba:d2:c1:46:32:86:bb:66:64:6a:8c # SHA256 Fingerprint: c1:cf:0b:52:09:64:35:e3:f1:b7:1d:aa:ec:45:5a:23:11:c8:40:4f:55:83:a9:e2:13:c6:9d:85:7d:94:33:05 -----BEGIN CERTIFICATE----- MIIEVzCCAz+gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCRVMx IjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJjZWxvbmExQjBABgNVBAMTOUF1 dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYXY2FAZmlybWFwcm9mZXNpb25hbC5jb20w HhcNMDExMDI0MjIwMDAwWhcNMTMxMDI0MjIwMDAwWjCBnTELMAkGA1UEBhMCRVMx IjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJjZWxvbmExQjBABgNVBAMTOUF1 dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYXY2FAZmlybWFwcm9mZXNpb25hbC5jb20w ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnIwNvbyOlXnjOlSztlB5u Cp4Bx+ow0Syd3Tfom5h5VtP8c9/Qit5Vj1H5WuretXDE7aTt/6MNbg9kUDGvASdY rv5sp0ovFy3Tc9UTHI9ZpTQsHVQERc1ouKDAA6XPhUJHlShbz++AbOCQl4oBPB3z hxAwJkh91/zpnZFx/0GaqUC1N5wpIE8fUuOgfRNtVLcK3ulqTgesrBlf3H5idPay BQC6haD9HThuy1q7hryUZzM1gywfI834yJFxzJeL764P3CkDG8A563DtwW4O2GcL iam8NeTvtjS0pbbELaW+0MOUJEjb35bTALVmGotmBQ/dPz/LP6pemkr4tErvlTcb AgMBAAGjgZ8wgZwwKgYDVR0RBCMwIYYfaHR0cDovL3d3dy5maXJtYXByb2Zlc2lv bmFsLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEBMCsGA1UdEAQkMCKADzIwMDExMDI0 MjIwMDAwWoEPMjAxMzEwMjQyMjAwMDBaMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E FgQUMwugZtHq2s7eYpMEKFK1FH84aLcwDQYJKoZIhvcNAQEFBQADggEBAEdz/o0n VPD11HecJ3lXV7cVVuzH2Fi3AQL0M+2TUIiefEaxvT8Ub/GzR0iLjJcG1+p+o1wq u00vR+L4OQbJnC4xGgN49Lw4xiKLMzHwFgQEffl25EvXwOaD7FnMP97/T2u3Z36m hoEyIwOdyPdfwUpgpZKpsaSgYMN4h7Mi8yrrW6ntBas3D7Hi05V2Y1Z0jFhyGzfl ZKG+TQyTmAyX9odtsz/ny4Cm7YjHX1BiAuiZdBbQ5rQ58SfLyEDW44YQqSMSkuBp QWOnryULwMWSyx6Yo1q6xTMPoJcB3X/ge9YGVM+h4k0460tQtcsm9MracEpqoeJ5 quGnM/b9Sh/22WA= -----END CERTIFICATE----- # Issuer: CN=Wells Fargo Root Certificate Authority O=Wells Fargo OU=Wells Fargo Certification Authority # Subject: CN=Wells Fargo Root Certificate Authority O=Wells Fargo OU=Wells Fargo Certification Authority # Label: "Wells Fargo Root CA" # Serial: 971282334 # MD5 Fingerprint: 20:0b:4a:7a:88:a7:a9:42:86:8a:5f:74:56:7b:88:05 # SHA1 Fingerprint: 93:e6:ab:22:03:03:b5:23:28:dc:da:56:9e:ba:e4:d1:d1:cc:fb:65 # SHA256 Fingerprint: 03:45:8b:6a:be:ec:c2:14:95:3d:97:14:9a:f4:53:91:69:1d:e9:f9:cd:cc:26:47:86:3a:3d:67:c9:5c:24:3b -----BEGIN CERTIFICATE----- MIID5TCCAs2gAwIBAgIEOeSXnjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC VVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBGYXJnbyBD ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMgRmFyZ28gUm9v dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDAxMDExMTY0MTI4WhcNMjEwMTE0 MTY0MTI4WjCBgjELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSww KgYDVQQLEyNXZWxscyBGYXJnbyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0G A1UEAxMmV2VsbHMgRmFyZ28gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVqDM7Jvk0/82bfuUER84A4n13 5zHCLielTWi5MbqNQ1mXx3Oqfz1cQJ4F5aHiidlMuD+b+Qy0yGIZLEWukR5zcUHE SxP9cMIlrCL1dQu3U+SlK93OvRw6esP3E48mVJwWa2uv+9iWsWCaSOAlIiR5NM4O JgALTqv9i86C1y8IcGjBqAr5dE8Hq6T54oN+J3N0Prj5OEL8pahbSCOz6+MlsoCu ltQKnMJ4msZoGK43YjdeUXWoWGPAUe5AeH6orxqg4bB4nVCMe+ez/I4jsNtlAHCE AQgAFG5Uhpq6zPk3EPbg3oQtnaSFN9OH4xXQwReQfhkhahKpdv0SAulPIV4XAgMB AAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wTAYDVR0gBEUwQzBBBgtghkgBhvt7hwcB CzAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LndlbGxzZmFyZ28uY29tL2NlcnRw b2xpY3kwDQYJKoZIhvcNAQEFBQADggEBANIn3ZwKdyu7IvICtUpKkfnRLb7kuxpo 7w6kAOnu5+/u9vnldKTC2FJYxHT7zmu1Oyl5GFrvm+0fazbuSCUlFLZWohDo7qd/ 0D+j0MNdJu4HzMPBJCGHHt8qElNvQRbn7a6U+oxy+hNH8Dx+rn0ROhPs7fpvcmR7 nX1/Jv16+yWt6j4pf0zjAFcysLPp7VMX2YuyFA4w6OXVE8Zkr8QA1dhYJPz1j+zx x32l2w8n0cbyQIjmH/ZhqPRCyLk306m+LFZ4wnKbWV01QIroTmMatukgalHizqSQ 33ZwmVxwQ023tqcZZE6St8WRPH9IFmV7Fv3L/PvZ1dZPIWU7Sn9Ho/s= -----END CERTIFICATE----- # Issuer: CN=Swisscom Root CA 1 O=Swisscom OU=Digital Certificate Services # Subject: CN=Swisscom Root CA 1 O=Swisscom OU=Digital Certificate Services # Label: "Swisscom Root CA 1" # Serial: 122348795730808398873664200247279986742 # MD5 Fingerprint: f8:38:7c:77:88:df:2c:16:68:2e:c2:e2:52:4b:b8:f9 # SHA1 Fingerprint: 5f:3a:fc:0a:8b:64:f6:86:67:34:74:df:7e:a9:a2:fe:f9:fa:7a:51 # SHA256 Fingerprint: 21:db:20:12:36:60:bb:2e:d4:18:20:5d:a1:1e:e7:a8:5a:65:e2:bc:6e:55:b5:af:7e:78:99:c8:a2:66:d9:2e -----BEGIN CERTIFICATE----- MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBk MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg Q0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4MTgyMjA2MjBaMGQxCzAJBgNVBAYT AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9 m2BtRsiMMW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdih FvkcxC7mlSpnzNApbjyFNDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/ TilftKaNXXsLmREDA/7n29uj/x2lzZAeAR81sH8A25Bvxn570e56eqeqDFdvpG3F EzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkCb6dJtDZd0KTeByy2dbco kdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn7uHbHaBu HYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNF vJbNcA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo 19AOeCMgkckkKmUpWyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjC L3UcPX7ape8eYIVpQtPM+GP+HkM5haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJW bjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNYMUJDLXT5xp6mig/p/r+D5kNX JLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw FDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzc K6FptWfUjNP9MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzf ky9NfEBWMXrrpA9gzXrzvsMnjgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7Ik Vh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQMbFamIp1TpBcahQq4FJHgmDmHtqB sfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4HVtA4oJVwIHaM190e 3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtlvrsR ls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ip mXeascClOS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HH b6D0jqTsNFFbjCYDcKF31QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksf rK/7DZBaZmBwXarNeNQk7shBoJMBkpxqnvy5JMWzFYJ+vq6VK+uxwNrjAWALXmms hFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCyx/yP2FS1k2Kdzs9Z+z0Y zirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMWNY6E0F/6 MBr1mmz0DlP5OlvRHA== -----END CERTIFICATE----- # Issuer: CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com # Subject: CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com # Label: "DigiCert Assured ID Root CA" # Serial: 17154717934120587862167794914071425081 # MD5 Fingerprint: 87:ce:0b:7b:2a:0e:49:00:e1:58:71:9b:37:a8:93:72 # SHA1 Fingerprint: 05:63:b8:63:0d:62:d7:5a:bb:c8:ab:1e:4b:df:b5:a8:99:b2:4d:43 # SHA256 Fingerprint: 3e:90:99:b5:01:5e:8f:48:6c:00:bc:ea:9d:11:1e:e7:21:fa:ba:35:5a:89:bc:f1:df:69:56:1e:3d:c6:32:5c -----BEGIN CERTIFICATE----- MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe +o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== -----END CERTIFICATE----- # Issuer: CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com # Subject: CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com # Label: "DigiCert Global Root CA" # Serial: 10944719598952040374951832963794454346 # MD5 Fingerprint: 79:e4:a9:84:0d:7d:3a:96:d7:c0:4f:e2:43:4c:89:2e # SHA1 Fingerprint: a8:98:5d:3a:65:e5:e5:c4:b2:d7:d6:6d:40:c6:dd:2f:b1:9c:54:36 # SHA256 Fingerprint: 43:48:a0:e9:44:4c:78:cb:26:5e:05:8d:5e:89:44:b4:d8:4f:96:62:bd:26:db:25:7f:89:34:a4:43:c7:01:61 -----BEGIN CERTIFICATE----- MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt 43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg 06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= -----END CERTIFICATE----- # Issuer: CN=DigiCert High Assurance EV Root CA O=DigiCert Inc OU=www.digicert.com # Subject: CN=DigiCert High Assurance EV Root CA O=DigiCert Inc OU=www.digicert.com # Label: "DigiCert High Assurance EV Root CA" # Serial: 3553400076410547919724730734378100087 # MD5 Fingerprint: d4:74:de:57:5c:39:b2:d3:9c:85:83:c5:c0:65:49:8a # SHA1 Fingerprint: 5f:b7:ee:06:33:e2:59:db:ad:0c:4c:9a:e6:d3:8f:1a:61:c7:dc:25 # SHA256 Fingerprint: 74:31:e5:f4:c3:c1:ce:46:90:77:4f:0b:61:e0:54:40:88:3b:a9:a0:1e:d0:0b:a6:ab:d7:80:6e:d3:b1:18:cf -----BEGIN CERTIFICATE----- MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm +9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep +OkuE6N36B9K -----END CERTIFICATE----- # Issuer: CN=Class 2 Primary CA O=Certplus # Subject: CN=Class 2 Primary CA O=Certplus # Label: "Certplus Class 2 Primary CA" # Serial: 177770208045934040241468760488327595043 # MD5 Fingerprint: 88:2c:8c:52:b8:a2:3c:f3:f7:bb:03:ea:ae:ac:42:0b # SHA1 Fingerprint: 74:20:74:41:72:9c:dd:92:ec:79:31:d8:23:10:8d:c2:81:92:e2:bb # SHA256 Fingerprint: 0f:99:3c:8a:ef:97:ba:af:56:87:14:0e:d5:9a:d1:82:1b:b4:af:ac:f0:aa:9a:58:b5:d5:7a:33:8a:3a:fb:cb -----BEGIN CERTIFICATE----- MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9 MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0 HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4 QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/ AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8 yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 l7+ijrRU -----END CERTIFICATE----- # Issuer: CN=DST Root CA X3 O=Digital Signature Trust Co. # Subject: CN=DST Root CA X3 O=Digital Signature Trust Co. # Label: "DST Root CA X3" # Serial: 91299735575339953335919266965803778155 # MD5 Fingerprint: 41:03:52:dc:0f:f7:50:1b:16:f0:02:8e:ba:6f:45:c5 # SHA1 Fingerprint: da:c9:02:4f:54:d8:f6:df:94:93:5f:b1:73:26:38:ca:6a:d7:7c:13 # SHA256 Fingerprint: 06:87:26:03:31:a7:24:03:d9:09:f1:05:e6:9b:cf:0d:32:e1:bd:24:93:ff:c6:d9:20:6d:11:bc:d6:77:07:39 -----BEGIN CERTIFICATE----- MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ -----END CERTIFICATE----- # Issuer: CN=DST ACES CA X6 O=Digital Signature Trust OU=DST ACES # Subject: CN=DST ACES CA X6 O=Digital Signature Trust OU=DST ACES # Label: "DST ACES CA X6" # Serial: 17771143917277623872238992636097467865 # MD5 Fingerprint: 21:d8:4c:82:2b:99:09:33:a2:eb:14:24:8d:8e:5f:e8 # SHA1 Fingerprint: 40:54:da:6f:1c:3f:40:74:ac:ed:0f:ec:cd:db:79:d1:53:fb:90:1d # SHA256 Fingerprint: 76:7c:95:5a:76:41:2c:89:af:68:8e:90:a1:c7:0f:55:6c:fd:6b:60:25:db:ea:10:41:6d:7e:b6:83:1f:8c:40 -----BEGIN CERTIFICATE----- MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBb MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3Qx ETAPBgNVBAsTCERTVCBBQ0VTMRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0w MzExMjAyMTE5NThaFw0xNzExMjAyMTE5NThaMFsxCzAJBgNVBAYTAlVTMSAwHgYD VQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UECxMIRFNUIEFDRVMx FzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPu ktKe1jzIDZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7 gLFViYsx+tC3dr5BPTCapCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZH fAjIgrrep4c9oW24MFbCswKBXy314powGCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4a ahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPyMjwmR/onJALJfh1biEIT ajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1UdEwEB/wQF MAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rk c3QuY29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjto dHRwOi8vd3d3LnRydXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMt aW5kZXguaHRtbDAdBgNVHQ4EFgQUCXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZI hvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V25FYrnJmQ6AgwbN99Pe7lv7Uk QIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6tFr8hlxCBPeP/ h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpR rscL9yuwNwXsvFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf2 9w4LTJxoeHtxMcfrHuBnQfO3oKfN5XozNmr6mis= -----END CERTIFICATE----- # Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı O=(c) 2005 TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. # Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı O=(c) 2005 TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. # Label: "TURKTRUST Certificate Services Provider Root 1" # Serial: 1 # MD5 Fingerprint: f1:6a:22:18:c9:cd:df:ce:82:1d:1d:b7:78:5c:a9:a5 # SHA1 Fingerprint: 79:98:a3:08:e1:4d:65:85:e6:c2:1e:15:3a:71:9f:ba:5a:d3:4a:d9 # SHA256 Fingerprint: 44:04:e3:3b:5e:14:0d:cf:99:80:51:fd:fc:80:28:c7:c8:16:15:c5:ee:73:7b:11:1b:58:82:33:a9:b5:35:a0 -----BEGIN CERTIFICATE----- MIID+zCCAuOgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBtzE/MD0GA1UEAww2VMOc UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx c8SxMQswCQYDVQQGDAJUUjEPMA0GA1UEBwwGQU5LQVJBMVYwVAYDVQQKDE0oYykg MjAwNSBUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8 dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjAeFw0wNTA1MTMxMDI3MTdaFw0xNTAz MjIxMDI3MTdaMIG3MT8wPQYDVQQDDDZUw5xSS1RSVVNUIEVsZWt0cm9uaWsgU2Vy dGlmaWthIEhpem1ldCBTYcSfbGF5xLFjxLFzxLExCzAJBgNVBAYMAlRSMQ8wDQYD VQQHDAZBTktBUkExVjBUBgNVBAoMTShjKSAyMDA1IFTDnFJLVFJVU1QgQmlsZ2kg xLBsZXRpxZ9pbSB2ZSBCaWxpxZ9pbSBHw7x2ZW5sacSfaSBIaXptZXRsZXJpIEEu xZ4uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylIF1mMD2Bxf3dJ7 XfIMYGFbazt0K3gNfUW9InTojAPBxhEqPZW8qZSwu5GXyGl8hMW0kWxsE2qkVa2k heiVfrMArwDCBRj1cJ02i67L5BuBf5OI+2pVu32Fks66WJ/bMsW9Xe8iSi9BB35J YbOG7E6mQW6EvAPs9TscyB/C7qju6hJKjRTP8wrgUDn5CDX4EVmt5yLqS8oUBt5C urKZ8y1UiBAG6uEaPj1nH/vO+3yC6BFdSsG5FOpU2WabfIl9BJpiyelSPJ6c79L1 JuTm5Rh8i27fbMx4W09ysstcP4wFjdFMjK2Sx+F4f2VsSQZQLJ4ywtdKxnWKWU51 b0dewQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAV 9VX/N5aAWSGk/KEVTCD21F/aAyT8z5Aa9CEKmu46sWrv7/hg0Uw2ZkUd82YCdAR7 kjCo3gp2D++Vbr3JN+YaDayJSFvMgzbC9UZcWYJWtNX+I7TYVBxEq8Sn5RTOPEFh fEPmzcSBCYsk+1Ql1haolgxnB2+zUEfjHCQo3SqYpGH+2+oSN7wBGjSFvW5P55Fy B0SFHljKVETd96y5y4khctuPwGkplyqjrhgjlxxBKot8KsF8kOipKMDTkcatKIdA aLX/7KfS0zgYnNN9aV3wxqUeJBujR/xpB2jn5Jq07Q+hh4cCzofSSE7hvP/L8XKS RGQDJereW26fyfJOrN3H -----END CERTIFICATE----- # Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005 # Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Kasım 2005 # Label: "TURKTRUST Certificate Services Provider Root 2" # Serial: 1 # MD5 Fingerprint: 37:a5:6e:d4:b1:25:84:97:b7:fd:56:15:7a:f9:a2:00 # SHA1 Fingerprint: b4:35:d4:e1:11:9d:1c:66:90:a7:49:eb:b3:94:bd:63:7b:a7:82:b7 # SHA256 Fingerprint: c4:70:cf:54:7e:23:02:b9:77:fb:29:dd:71:a8:9a:7b:6c:1f:60:77:7b:03:29:f5:60:17:f3:28:bf:4f:6b:e6 -----BEGIN CERTIFICATE----- MIIEPDCCAySgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvjE/MD0GA1UEAww2VMOc UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx c8SxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xS S1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kg SGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtIDIwMDUwHhcNMDUxMTA3MTAwNzU3 WhcNMTUwOTE2MTAwNzU3WjCBvjE/MD0GA1UEAww2VMOcUktUUlVTVCBFbGVrdHJv bmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJU UjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xSS1RSVVNUIEJpbGdpIMSw bGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWe LiAoYykgS2FzxLFtIDIwMDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQCpNn7DkUNMwxmYCMjHWHtPFoylzkkBH3MOrHUTpvqeLCDe2JAOCtFp0if7qnef J1Il4std2NiDUBd9irWCPwSOtNXwSadktx4uXyCcUHVPr+G1QRT0mJKIx+XlZEdh R3n9wFHxwZnn3M5q+6+1ATDcRhzviuyV79z/rxAc653YsKpqhRgNF8k+v/Gb0AmJ Qv2gQrSdiVFVKc8bcLyEVK3BEx+Y9C52YItdP5qtygy/p1Zbj3e41Z55SZI/4PGX JHpsmxcPbe9TmJEr5A++WXkHeLuXlfSfadRYhwqp48y2WBmfJiGxxFmNskF1wK1p zpwACPI2/z7woQ8arBT9pmAPAgMBAAGjQzBBMB0GA1UdDgQWBBTZN7NOBf3Zz58S Fq62iS/rJTqIHDAPBgNVHQ8BAf8EBQMDBwYAMA8GA1UdEwEB/wQFMAMBAf8wDQYJ KoZIhvcNAQEFBQADggEBAHJglrfJ3NgpXiOFX7KzLXb7iNcX/nttRbj2hWyfIvwq ECLsqrkw9qtY1jkQMZkpAL2JZkH7dN6RwRgLn7Vhy506vvWolKMiVW4XSf/SKfE4 Jl3vpao6+XF75tpYHdN0wgH6PmlYX63LaL4ULptswLbcoCb6dxriJNoaN+BnrdFz gw2lGh1uEpJ+hGIAF728JRhX8tepb1mIvDS3LoV4nZbcFMMsilKbloxSZj2GFotH uFEJjOp9zYhys2AzsfAKRO8P9Qk3iCQOLGsgOqL6EfJANZxEaGM7rDNvY7wsu/LS y3Z9fYjYHcgFHW68lKlmjHdxx/qR+i9Rnuk5UrbnBEI= -----END CERTIFICATE----- # Issuer: CN=SwissSign Gold CA - G2 O=SwissSign AG # Subject: CN=SwissSign Gold CA - G2 O=SwissSign AG # Label: "SwissSign Gold CA - G2" # Serial: 13492815561806991280 # MD5 Fingerprint: 24:77:d9:a8:91:d1:3b:fa:88:2d:c2:ff:f8:cd:33:93 # SHA1 Fingerprint: d8:c5:38:8a:b7:30:1b:1b:6e:d4:7a:e6:45:25:3a:6f:9f:1a:27:61 # SHA256 Fingerprint: 62:dd:0b:e9:b9:f5:0a:16:3e:a0:f8:e7:5c:05:3b:1e:ca:57:ea:55:c8:68:8f:64:7c:68:81:f2:c8:35:7b:95 -----BEGIN CERTIFICATE----- MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c 6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn 8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a 77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ -----END CERTIFICATE----- # Issuer: CN=SwissSign Silver CA - G2 O=SwissSign AG # Subject: CN=SwissSign Silver CA - G2 O=SwissSign AG # Label: "SwissSign Silver CA - G2" # Serial: 5700383053117599563 # MD5 Fingerprint: e0:06:a1:c9:7d:cf:c9:fc:0d:c0:56:75:96:d8:62:13 # SHA1 Fingerprint: 9b:aa:e5:9f:56:ee:21:cb:43:5a:be:25:93:df:a7:f0:40:d1:1d:cb # SHA256 Fingerprint: be:6c:4d:a2:bb:b9:ba:59:b6:f3:93:97:68:37:42:46:c3:c0:05:99:3f:a9:8f:02:0d:1d:ed:be:d4:8a:81:d5 -----BEGIN CERTIFICATE----- MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH 6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ 2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u -----END CERTIFICATE----- # Issuer: CN=GeoTrust Primary Certification Authority O=GeoTrust Inc. # Subject: CN=GeoTrust Primary Certification Authority O=GeoTrust Inc. # Label: "GeoTrust Primary Certification Authority" # Serial: 32798226551256963324313806436981982369 # MD5 Fingerprint: 02:26:c3:01:5e:08:30:37:43:a9:d0:7d:cf:37:e6:bf # SHA1 Fingerprint: 32:3c:11:8e:1b:f7:b8:b6:52:54:e2:e2:10:0d:d6:02:90:37:f0:96 # SHA256 Fingerprint: 37:d5:10:06:c5:12:ea:ab:62:64:21:f1:ec:8c:92:01:3f:c5:f8:2a:e9:8e:e5:33:eb:46:19:b8:de:b4:d0:6c -----BEGIN CERTIFICATE----- MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl 4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= -----END CERTIFICATE----- # Issuer: CN=thawte Primary Root CA O=thawte, Inc. OU=Certification Services Division/(c) 2006 thawte, Inc. - For authorized use only # Subject: CN=thawte Primary Root CA O=thawte, Inc. OU=Certification Services Division/(c) 2006 thawte, Inc. - For authorized use only # Label: "thawte Primary Root CA" # Serial: 69529181992039203566298953787712940909 # MD5 Fingerprint: 8c:ca:dc:0b:22:ce:f5:be:72:ac:41:1a:11:a8:d8:12 # SHA1 Fingerprint: 91:c6:d6:ee:3e:8a:c8:63:84:e5:48:c2:99:29:5c:75:6c:81:7b:81 # SHA256 Fingerprint: 8d:72:2f:81:a9:c1:13:c0:79:1d:f1:36:a2:96:6d:b2:6c:95:0a:97:1d:b4:6b:41:99:f4:ea:54:b7:8b:fb:9f -----BEGIN CERTIFICATE----- MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta 3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk 6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 /qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 jVaMaA== -----END CERTIFICATE----- # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2006 VeriSign, Inc. - For authorized use only # Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2006 VeriSign, Inc. - For authorized use only # Label: "VeriSign Class 3 Public Primary Certification Authority - G5" # Serial: 33037644167568058970164719475676101450 # MD5 Fingerprint: cb:17:e4:31:67:3e:e2:09:fe:45:57:93:f3:0a:fa:1c # SHA1 Fingerprint: 4e:b6:d5:78:49:9b:1c:cf:5f:58:1e:ad:56:be:3d:9b:67:44:a5:e5 # SHA256 Fingerprint: 9a:cf:ab:7e:43:c8:d8:80:d0:6b:26:2a:94:de:ee:e4:b4:65:99:89:c3:d0:ca:f1:9b:af:64:05:e4:1a:b7:df -----BEGIN CERTIFICATE----- MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y 5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ 4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq -----END CERTIFICATE----- # Issuer: CN=SecureTrust CA O=SecureTrust Corporation # Subject: CN=SecureTrust CA O=SecureTrust Corporation # Label: "SecureTrust CA" # Serial: 17199774589125277788362757014266862032 # MD5 Fingerprint: dc:32:c3:a7:6d:25:57:c7:68:09:9d:ea:2d:a9:a2:d1 # SHA1 Fingerprint: 87:82:c6:c3:04:35:3b:cf:d2:96:92:d2:59:3e:7d:44:d9:34:ff:11 # SHA256 Fingerprint: f1:c1:b5:0a:e5:a2:0d:d8:03:0e:c9:f6:bc:24:82:3d:d3:67:b5:25:57:59:b4:e7:1b:61:fc:e9:f7:37:5d:73 -----BEGIN CERTIFICATE----- MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO 0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj 7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS 8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB /zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ 3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR 3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= -----END CERTIFICATE----- # Issuer: CN=Secure Global CA O=SecureTrust Corporation # Subject: CN=Secure Global CA O=SecureTrust Corporation # Label: "Secure Global CA" # Serial: 9751836167731051554232119481456978597 # MD5 Fingerprint: cf:f4:27:0d:d4:ed:dc:65:16:49:6d:3d:da:bf:6e:de # SHA1 Fingerprint: 3a:44:73:5a:e5:81:90:1f:24:86:61:46:1e:3b:9c:c4:5f:f5:3a:1b # SHA256 Fingerprint: 42:00:f5:04:3a:c8:59:0e:bb:52:7d:20:9e:d1:50:30:29:fb:cb:d4:1c:a1:b5:06:ec:27:f1:5a:de:7d:ac:69 -----BEGIN CERTIFICATE----- MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa /FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW -----END CERTIFICATE----- # Issuer: CN=COMODO Certification Authority O=COMODO CA Limited # Subject: CN=COMODO Certification Authority O=COMODO CA Limited # Label: "COMODO Certification Authority" # Serial: 104350513648249232941998508985834464573 # MD5 Fingerprint: 5c:48:dc:f7:42:72:ec:56:94:6d:1c:cc:71:35:80:75 # SHA1 Fingerprint: 66:31:bf:9e:f7:4f:9e:b6:c9:d5:a6:0c:ba:6a:be:d1:f7:bd:ef:7b # SHA256 Fingerprint: 0c:2c:d6:3d:f7:80:6f:a3:99:ed:e8:09:11:6b:57:5b:f8:79:89:f0:65:18:f9:80:8c:86:05:03:17:8b:af:66 -----BEGIN CERTIFICATE----- MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI 2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp +2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW /zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB ZQ== -----END CERTIFICATE----- # Issuer: CN=Network Solutions Certificate Authority O=Network Solutions L.L.C. # Subject: CN=Network Solutions Certificate Authority O=Network Solutions L.L.C. # Label: "Network Solutions Certificate Authority" # Serial: 116697915152937497490437556386812487904 # MD5 Fingerprint: d3:f3:a6:16:c0:fa:6b:1d:59:b1:2d:96:4d:0e:11:2e # SHA1 Fingerprint: 74:f8:a3:c3:ef:e7:b3:90:06:4b:83:90:3c:21:64:60:20:e5:df:ce # SHA256 Fingerprint: 15:f0:ba:00:a3:ac:7a:f3:ac:88:4c:07:2b:10:11:a0:77:bd:77:c0:97:f4:01:64:b2:f8:59:8a:bd:83:86:0c -----BEGIN CERTIFICATE----- MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH /nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey -----END CERTIFICATE----- # Issuer: CN=WellsSecure Public Root Certificate Authority O=Wells Fargo WellsSecure OU=Wells Fargo Bank NA # Subject: CN=WellsSecure Public Root Certificate Authority O=Wells Fargo WellsSecure OU=Wells Fargo Bank NA # Label: "WellsSecure Public Root Certificate Authority" # Serial: 1 # MD5 Fingerprint: 15:ac:a5:c2:92:2d:79:bc:e8:7f:cb:67:ed:02:cf:36 # SHA1 Fingerprint: e7:b4:f6:9d:61:ec:90:69:db:7e:90:a7:40:1a:3c:f4:7d:4f:e8:ee # SHA256 Fingerprint: a7:12:72:ae:aa:a3:cf:e8:72:7f:7f:b3:9f:0f:b3:d1:e5:42:6e:90:60:b0:6e:e6:f1:3e:9a:3c:58:33:cd:43 -----BEGIN CERTIFICATE----- MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMx IDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxs cyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9v dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMjEzMTcwNzU0WhcNMjIxMjE0 MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdl bGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQD DC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDub7S9eeKPCCGeOARBJe+r WxxTkqxtnt3CxC5FlAM1iGd0V+PfjLindo8796jE2yljDpFoNoqXjopxaAkH5OjU Dk/41itMpBb570OYj7OeUt9tkTmPOL13i0Nj67eT/DBMHAGTthP796EfvyXhdDcs HqRePGj4S78NuR4uNuip5Kf4D8uCdXw1LSLWwr8L87T8bJVhHlfXBIEyg1J55oNj z7fLY4sR4r1e6/aN7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiBK0HmOFaf SZtsdvqKXfcBeYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/Slwxl AgMBAAGjggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqG KGh0dHA6Ly9jcmwucGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0P AQH/BAQDAgHGMB0GA1UdDgQWBBQmlRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYDVR0j BIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGBi6SBiDCBhTELMAkGA1UEBhMC VVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNX ZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMg Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJKoZIhvcNAQEFBQADggEB ALkVsUSRzCPIK0134/iaeycNzXK7mQDKfGYZUMbVmO2rvwNa5U3lHshPcZeG1eMd /ZDJPHV3V3p9+N701NX3leZ0bh08rnyd2wIDBSxxSyU+B+NemvVmFymIGjifz6pB A4SXa5M4esowRBskRDPQ5NHcKDj0E0M1NSljqHyita04pO2t/caaH/+Xc/77szWn k4bGdpEA5qxRFsQnMlzbc9qlk1eOPm01JghZ1edE13YgY+esE2fDbbFwRnzVlhE9 iW9dqKHrjQrawx0zbKPqZxmamX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJtylv 2G0xffX8oRAHh84vWdw+WNs= -----END CERTIFICATE----- # Issuer: CN=COMODO ECC Certification Authority O=COMODO CA Limited # Subject: CN=COMODO ECC Certification Authority O=COMODO CA Limited # Label: "COMODO ECC Certification Authority" # Serial: 41578283867086692638256921589707938090 # MD5 Fingerprint: 7c:62:ff:74:9d:31:53:5e:68:4a:d5:78:aa:1e:bf:23 # SHA1 Fingerprint: 9f:74:4e:9f:2b:4d:ba:ec:0f:31:2c:50:b6:56:3b:8e:2d:93:c3:11 # SHA256 Fingerprint: 17:93:92:7a:06:14:54:97:89:ad:ce:2f:8f:34:f7:f0:b6:6d:0f:3a:e3:a3:b8:4d:21:ec:15:db:ba:4f:ad:c7 -----BEGIN CERTIFICATE----- MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= -----END CERTIFICATE----- # Issuer: CN=IGC/A O=PM/SGDN OU=DCSSI # Subject: CN=IGC/A O=PM/SGDN OU=DCSSI # Label: "IGC/A" # Serial: 245102874772 # MD5 Fingerprint: 0c:7f:dd:6a:f4:2a:b9:c8:9b:bd:20:7e:a9:db:5c:37 # SHA1 Fingerprint: 60:d6:89:74:b5:c2:65:9e:8a:0f:c1:88:7c:88:d2:46:69:1b:18:2c # SHA256 Fingerprint: b9:be:a7:86:0a:96:2e:a3:61:1d:ab:97:ab:6d:a3:e2:1c:10:68:b9:7d:55:57:5e:d0:e1:12:79:c1:1c:89:32 -----BEGIN CERTIFICATE----- MIIEAjCCAuqgAwIBAgIFORFFEJQwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNVBAYT AkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQ TS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG 9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMB4XDTAyMTIxMzE0MjkyM1oXDTIw MTAxNzE0MjkyMlowgYUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAM BgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEO MAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2 LmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh/R0GLFMzvABIaI s9z4iPf930Pfeo2aSVz2TqrMHLmh6yeJ8kbpO0px1R2OLc/mratjUMdUC24SyZA2 xtgv2pGqaMVy/hcKshd+ebUyiHDKcMCWSo7kVc0dJ5S/znIq7Fz5cyD+vfcuiWe4 u0dzEvfRNWk68gq5rv9GQkaiv6GFGvm/5P9JhfejcIYyHF2fYPepraX/z9E0+X1b F8bc1g4oa8Ld8fUzaJ1O/Id8NhLWo4DoQw1VYZTqZDdH6nfK0LJYBcNdfrGoRpAx Vs5wKpayMLh35nnAvSk7/ZR3TL0gzUEl4C7HG7vupARB0l2tEmqKm0f7yd1GQOGd PDPQtQIDAQABo3cwdTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBRjAVBgNV HSAEDjAMMAoGCCqBegF5AQEBMB0GA1UdDgQWBBSjBS8YYFDCiQrdKyFP/45OqDAx NjAfBgNVHSMEGDAWgBSjBS8YYFDCiQrdKyFP/45OqDAxNjANBgkqhkiG9w0BAQUF AAOCAQEABdwm2Pp3FURo/C9mOnTgXeQp/wYHE4RKq89toB9RlPhJy3Q2FLwV3duJ L92PoF189RLrn544pEfMs5bZvpwlqwN+Mw+VgQ39FuCIvjfwbF3QMZsyK10XZZOY YLxuj7GoPB7ZHPOpJkL5ZB3C55L29B5aqhlSXa/oovdgoPaN8In1buAKBQGVyYsg Crpa/JosPL3Dt8ldeCUFP1YUmwza+zpI/pdpXsoQhvdOlgQITeywvl3cO45Pwf2a NjSaTFR+FwNIlQgRHAdvhQh+XU3Endv7rs6y0bO4g2wdsrN58dhwmX7wEwLOXt1R 0982gaEbeC9xs/FZTEYYKKuF0mBWWg== -----END CERTIFICATE----- # Issuer: O=SECOM Trust Systems CO.,LTD. OU=Security Communication EV RootCA1 # Subject: O=SECOM Trust Systems CO.,LTD. OU=Security Communication EV RootCA1 # Label: "Security Communication EV RootCA1" # Serial: 0 # MD5 Fingerprint: 22:2d:a6:01:ea:7c:0a:f7:f0:6c:56:43:3f:77:76:d3 # SHA1 Fingerprint: fe:b8:c4:32:dc:f9:76:9a:ce:ae:3d:d8:90:8f:fd:28:86:65:64:7d # SHA256 Fingerprint: a2:2d:ba:68:1e:97:37:6e:2d:39:7d:72:8a:ae:3a:9b:62:96:b9:fd:ba:60:bc:2e:11:f6:47:f2:c6:75:fb:37 -----BEGIN CERTIFICATE----- MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDEl MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMh U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIz MloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09N IFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNlY3VyaXR5IENvbW11 bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSE RMqm4miO/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gO zXppFodEtZDkBp2uoQSXWHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5 bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4zZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDF MxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4bepJz11sS6/vmsJWXMY1 VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK9U2vP9eC OKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0G CSqGSIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HW tWS3irO4G8za+6xmiEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZ q51ihPZRwSzJIxXYKLerJRO1RuGGAv8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDb EJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnWmHyojf6GPgcWkuF75x3sM3Z+ Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEWT1MKZPlO9L9O VL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490 -----END CERTIFICATE----- # Issuer: CN=OISTE WISeKey Global Root GA CA O=WISeKey OU=Copyright (c) 2005/OISTE Foundation Endorsed # Subject: CN=OISTE WISeKey Global Root GA CA O=WISeKey OU=Copyright (c) 2005/OISTE Foundation Endorsed # Label: "OISTE WISeKey Global Root GA CA" # Serial: 86718877871133159090080555911823548314 # MD5 Fingerprint: bc:6c:51:33:a7:e9:d3:66:63:54:15:72:1b:21:92:93 # SHA1 Fingerprint: 59:22:a1:e1:5a:ea:16:35:21:f8:98:39:6a:46:46:b0:44:1b:0f:a9 # SHA256 Fingerprint: 41:c9:23:86:6a:b4:ca:d6:b7:ad:57:80:81:58:2e:02:07:97:a6:cb:df:4f:ff:78:ce:83:96:b3:89:37:d7:f5 -----BEGIN CERTIFICATE----- MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2 w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg 4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9 4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2 ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8 vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ /L7fCg0= -----END CERTIFICATE----- # Issuer: CN=Microsec e-Szigno Root CA O=Microsec Ltd. OU=e-Szigno CA # Subject: CN=Microsec e-Szigno Root CA O=Microsec Ltd. OU=e-Szigno CA # Label: "Microsec e-Szigno Root CA" # Serial: 272122594155480254301341951808045322001 # MD5 Fingerprint: f0:96:b6:2f:c5:10:d5:67:8e:83:25:32:e8:5e:2e:e5 # SHA1 Fingerprint: 23:88:c9:d3:71:cc:9e:96:3d:ff:7d:3c:a7:ce:fc:d6:25:ec:19:0d # SHA256 Fingerprint: 32:7a:3d:76:1a:ba:de:a0:34:eb:99:84:06:27:5c:b1:a4:77:6e:fd:ae:2f:df:6d:01:68:ea:1c:4f:55:67:d0 -----BEGIN CERTIFICATE----- MIIHqDCCBpCgAwIBAgIRAMy4579OKRr9otxmpRwsDxEwDQYJKoZIhvcNAQEFBQAw cjELMAkGA1UEBhMCSFUxETAPBgNVBAcTCEJ1ZGFwZXN0MRYwFAYDVQQKEw1NaWNy b3NlYyBMdGQuMRQwEgYDVQQLEwtlLVN6aWdubyBDQTEiMCAGA1UEAxMZTWljcm9z ZWMgZS1Temlnbm8gUm9vdCBDQTAeFw0wNTA0MDYxMjI4NDRaFw0xNzA0MDYxMjI4 NDRaMHIxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVzdDEWMBQGA1UEChMN TWljcm9zZWMgTHRkLjEUMBIGA1UECxMLZS1Temlnbm8gQ0ExIjAgBgNVBAMTGU1p Y3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQDtyADVgXvNOABHzNuEwSFpLHSQDCHZU4ftPkNEU6+r+ICbPHiN1I2u uO/TEdyB5s87lozWbxXGd36hL+BfkrYn13aaHUM86tnsL+4582pnS4uCzyL4ZVX+ LMsvfUh6PXX5qqAnu3jCBspRwn5mS6/NoqdNAoI/gqyFxuEPkEeZlApxcpMqyabA vjxWTHOSJ/FrtfX9/DAFYJLG65Z+AZHCabEeHXtTRbjcQR/Ji3HWVBTji1R4P770 Yjtb9aPs1ZJ04nQw7wHb4dSrmZsqa/i9phyGI0Jf7Enemotb9HI6QMVJPqW+jqpx 62z69Rrkav17fVVA71hu5tnVvCSrwe+3AgMBAAGjggQ3MIIEMzBnBggrBgEFBQcB AQRbMFkwKAYIKwYBBQUHMAGGHGh0dHBzOi8vcmNhLmUtc3ppZ25vLmh1L29jc3Aw LQYIKwYBBQUHMAKGIWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNydDAP BgNVHRMBAf8EBTADAQH/MIIBcwYDVR0gBIIBajCCAWYwggFiBgwrBgEEAYGoGAIB AQEwggFQMCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3LmUtc3ppZ25vLmh1L1NaU1ov MIIBIgYIKwYBBQUHAgIwggEUHoIBEABBACAAdABhAG4A+gBzAO0AdAB2AOEAbgB5 ACAA6QByAHQAZQBsAG0AZQB6AOkAcwDpAGgAZQB6ACAA6QBzACAAZQBsAGYAbwBn AGEAZADhAHMA4QBoAG8AegAgAGEAIABTAHoAbwBsAGcA4QBsAHQAYQB0APMAIABT AHoAbwBsAGcA4QBsAHQAYQB0AOEAcwBpACAAUwB6AGEAYgDhAGwAeQB6AGEAdABh ACAAcwB6AGUAcgBpAG4AdAAgAGsAZQBsAGwAIABlAGwAagDhAHIAbgBpADoAIABo AHQAdABwADoALwAvAHcAdwB3AC4AZQAtAHMAegBpAGcAbgBvAC4AaAB1AC8AUwBa AFMAWgAvMIHIBgNVHR8EgcAwgb0wgbqggbeggbSGIWh0dHA6Ly93d3cuZS1zemln bm8uaHUvUm9vdENBLmNybIaBjmxkYXA6Ly9sZGFwLmUtc3ppZ25vLmh1L0NOPU1p Y3Jvc2VjJTIwZS1Temlnbm8lMjBSb290JTIwQ0EsT1U9ZS1Temlnbm8lMjBDQSxP PU1pY3Jvc2VjJTIwTHRkLixMPUJ1ZGFwZXN0LEM9SFU/Y2VydGlmaWNhdGVSZXZv Y2F0aW9uTGlzdDtiaW5hcnkwDgYDVR0PAQH/BAQDAgEGMIGWBgNVHREEgY4wgYuB EGluZm9AZS1zemlnbm8uaHWkdzB1MSMwIQYDVQQDDBpNaWNyb3NlYyBlLVN6aWdu w7MgUm9vdCBDQTEWMBQGA1UECwwNZS1TemlnbsOzIEhTWjEWMBQGA1UEChMNTWlj cm9zZWMgS2Z0LjERMA8GA1UEBxMIQnVkYXBlc3QxCzAJBgNVBAYTAkhVMIGsBgNV HSMEgaQwgaGAFMegSXUWYYTbMUuE0vE3QJDvTtz3oXakdDByMQswCQYDVQQGEwJI VTERMA8GA1UEBxMIQnVkYXBlc3QxFjAUBgNVBAoTDU1pY3Jvc2VjIEx0ZC4xFDAS BgNVBAsTC2UtU3ppZ25vIENBMSIwIAYDVQQDExlNaWNyb3NlYyBlLVN6aWdubyBS b290IENBghEAzLjnv04pGv2i3GalHCwPETAdBgNVHQ4EFgQUx6BJdRZhhNsxS4TS 8TdAkO9O3PcwDQYJKoZIhvcNAQEFBQADggEBANMTnGZjWS7KXHAM/IO8VbH0jgds ZifOwTsgqRy7RlRw7lrMoHfqaEQn6/Ip3Xep1fvj1KcExJW4C+FEaGAHQzAxQmHl 7tnlJNUb3+FKG6qfx1/4ehHqE5MAyopYse7tDk2016g2JnzgOsHVV4Lxdbb9iV/a 86g4nzUGCM4ilb7N1fy+W955a9x6qWVmvrElWl/tftOsRm1M9DKHtCAE4Gx4sHfR hUZLphK3dehKyVZs15KrnfVJONJPU+NVkBHbmJbGSfI+9J8b4PeI3CVimUTYc78/ MPMMNz7UwiiAc7EBt51alhQBS6kRnSlqLtBdgcDPsiBDxwPgN05dCtxZICU= -----END CERTIFICATE----- # Issuer: CN=Certigna O=Dhimyotis # Subject: CN=Certigna O=Dhimyotis # Label: "Certigna" # Serial: 18364802974209362175 # MD5 Fingerprint: ab:57:a6:5b:7d:42:82:19:b5:d8:58:26:28:5e:fd:ff # SHA1 Fingerprint: b1:2e:13:63:45:86:a4:6f:1a:b2:60:68:37:58:2d:c4:ac:fd:94:97 # SHA256 Fingerprint: e3:b6:a2:db:2e:d7:ce:48:84:2f:7a:c5:32:41:c7:b7:1d:54:14:4b:fb:40:c1:1f:3f:1d:0b:42:f5:ee:a1:2d -----BEGIN CERTIFICATE----- MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q 130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG 9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== -----END CERTIFICATE----- # Issuer: CN=AC Raíz Certicámara S.A. O=Sociedad Cameral de Certificación Digital - Certicámara S.A. # Subject: CN=AC Raíz Certicámara S.A. O=Sociedad Cameral de Certificación Digital - Certicámara S.A. # Label: "AC Ra\xC3\xADz Certic\xC3\xA1mara S.A." # Serial: 38908203973182606954752843738508300 # MD5 Fingerprint: 93:2a:3e:f6:fd:23:69:0d:71:20:d4:2b:47:99:2b:a6 # SHA1 Fingerprint: cb:a1:c5:f8:b0:e3:5e:b8:b9:45:12:d3:f9:34:a2:e9:06:10:d3:36 # SHA256 Fingerprint: a6:c5:1e:0d:a5:ca:0a:93:09:d2:e4:c0:e4:0c:2a:f9:10:7a:ae:82:03:85:7f:e1:98:e3:e7:69:e3:43:08:5c -----BEGIN CERTIFICATE----- MIIGZjCCBE6gAwIBAgIPB35Sk3vgFeNX8GmMy+wMMA0GCSqGSIb3DQEBBQUAMHsx CzAJBgNVBAYTAkNPMUcwRQYDVQQKDD5Tb2NpZWRhZCBDYW1lcmFsIGRlIENlcnRp ZmljYWNpw7NuIERpZ2l0YWwgLSBDZXJ0aWPDoW1hcmEgUy5BLjEjMCEGA1UEAwwa QUMgUmHDrXogQ2VydGljw6FtYXJhIFMuQS4wHhcNMDYxMTI3MjA0NjI5WhcNMzAw NDAyMjE0MjAyWjB7MQswCQYDVQQGEwJDTzFHMEUGA1UECgw+U29jaWVkYWQgQ2Ft ZXJhbCBkZSBDZXJ0aWZpY2FjacOzbiBEaWdpdGFsIC0gQ2VydGljw6FtYXJhIFMu QS4xIzAhBgNVBAMMGkFDIFJhw616IENlcnRpY8OhbWFyYSBTLkEuMIICIjANBgkq hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq2uJo1PMSCMI+8PPUZYILrgIem08kBeG qentLhM0R7LQcNzJPNCNyu5LF6vQhbCnIwTLqKL85XXbQMpiiY9QngE9JlsYhBzL fDe3fezTf3MZsGqy2IiKLUV0qPezuMDU2s0iiXRNWhU5cxh0T7XrmafBHoi0wpOQ Y5fzp6cSsgkiBzPZkc0OnB8OIMfuuzONj8LSWKdf/WU34ojC2I+GdV75LaeHM/J4 Ny+LvB2GNzmxlPLYvEqcgxhaBvzz1NS6jBUJJfD5to0EfhcSM2tXSExP2yYe68yQ 54v5aHxwD6Mq0Do43zeX4lvegGHTgNiRg0JaTASJaBE8rF9ogEHMYELODVoqDA+b MMCm8Ibbq0nXl21Ii/kDwFJnmxL3wvIumGVC2daa49AZMQyth9VXAnow6IYm+48j ilSH5L887uvDdUhfHjlvgWJsxS3EF1QZtzeNnDeRyPYL1epjb4OsOMLzP96a++Ej YfDIJss2yKHzMI+ko6Kh3VOz3vCaMh+DkXkwwakfU5tTohVTP92dsxA7SH2JD/zt A/X7JWR1DhcZDY8AFmd5ekD8LVkH2ZD6mq093ICK5lw1omdMEWux+IBkAC1vImHF rEsm5VoQgpukg3s0956JkSCXjrdCx2bD0Omk1vUgjcTDlaxECp1bczwmPS9KvqfJ pxAe+59QafMCAwEAAaOB5jCB4zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE AwIBBjAdBgNVHQ4EFgQU0QnQ6dfOeXRU+Tows/RtLAMDG2gwgaAGA1UdIASBmDCB lTCBkgYEVR0gADCBiTArBggrBgEFBQcCARYfaHR0cDovL3d3dy5jZXJ0aWNhbWFy YS5jb20vZHBjLzBaBggrBgEFBQcCAjBOGkxMaW1pdGFjaW9uZXMgZGUgZ2FyYW50 7WFzIGRlIGVzdGUgY2VydGlmaWNhZG8gc2UgcHVlZGVuIGVuY29udHJhciBlbiBs YSBEUEMuMA0GCSqGSIb3DQEBBQUAA4ICAQBclLW4RZFNjmEfAygPU3zmpFmps4p6 xbD/CHwso3EcIRNnoZUSQDWDg4902zNc8El2CoFS3UnUmjIz75uny3XlesuXEpBc unvFm9+7OSPI/5jOCk0iAUgHforA1SBClETvv3eiiWdIG0ADBaGJ7M9i4z0ldma/ Jre7Ir5v/zlXdLp6yQGVwZVR6Kss+LGGIOk/yzVb0hfpKv6DExdA7ohiZVvVO2Dp ezy4ydV/NgIlqmjCMRW3MGXrfx1IebHPOeJCgBbT9ZMj/EyXyVo3bHwi2ErN0o42 gzmRkBDI8ck1fj+404HGIGQatlDCIaR43NAvO2STdPCWkPHv+wlaNECW8DYSwaN0 jJN+Qd53i+yG2dIPPy3RzECiiWZIHiCznCNZc6lEc7wkeZBWN7PGKX6jD/EpOe9+ XCgycDWs2rjIdWb8m0w5R44bb5tNAlQiM+9hup4phO9OSzNHdpdqy35f/RWmnkJD W2ZaiogN9xa5P1FlK2Zqi9E4UqLWRhH6/JocdJ6PlwsCT2TG9WjTSy3/pDceiz+/ RL5hRqGEPQgnTIEgd4kI6mdAXmwIUV80WoyWaM3X94nCHNMyAK9Sy9NgWyo6R35r MDOhYil/SrnhLecUIw4OGEfhefwVVdCx/CVxY3UzHCMrr1zZ7Ud3YA47Dx7SwNxk BYn8eNZcLCZDqQ== -----END CERTIFICATE----- # Issuer: CN=TC TrustCenter Class 2 CA II O=TC TrustCenter GmbH OU=TC TrustCenter Class 2 CA # Subject: CN=TC TrustCenter Class 2 CA II O=TC TrustCenter GmbH OU=TC TrustCenter Class 2 CA # Label: "TC TrustCenter Class 2 CA II" # Serial: 941389028203453866782103406992443 # MD5 Fingerprint: ce:78:33:5c:59:78:01:6e:18:ea:b9:36:a0:b9:2e:23 # SHA1 Fingerprint: ae:50:83:ed:7c:f4:5c:bc:8f:61:c6:21:fe:68:5d:79:42:21:15:6e # SHA256 Fingerprint: e6:b8:f8:76:64:85:f8:07:ae:7f:8d:ac:16:70:46:1f:07:c0:a1:3e:ef:3a:1f:f7:17:53:8d:7a:ba:d3:91:b4 -----BEGIN CERTIFICATE----- MIIEqjCCA5KgAwIBAgIOLmoAAQACH9dSISwRXDswDQYJKoZIhvcNAQEFBQAwdjEL MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0ExJTAjBgNVBAMTHFRDIFRydXN0 Q2VudGVyIENsYXNzIDIgQ0EgSUkwHhcNMDYwMTEyMTQzODQzWhcNMjUxMjMxMjI1 OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQTElMCMGA1UEAxMc VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMiBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAKuAh5uO8MN8h9foJIIRszzdQ2Lu+MNF2ujhoF/RKrLqk2jf tMjWQ+nEdVl//OEd+DFwIxuInie5e/060smp6RQvkL4DUsFJzfb95AhmC1eKokKg uNV/aVyQMrKXDcpK3EY+AlWJU+MaWss2xgdW94zPEfRMuzBwBJWl9jmM/XOBCH2J XjIeIqkiRUuwZi4wzJ9l/fzLganx4Duvo4bRierERXlQXa7pIXSSTYtZgo+U4+lK 8edJsBTj9WLL1XK9H7nSn6DNqPoByNkN39r8R52zyFTfSUrxIan+GE7uSNQZu+99 5OKdy1u2bv/jzVrndIIFuoAlOMvkaZ6vQaoahPUCAwEAAaOCATQwggEwMA8GA1Ud EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTjq1RMgKHbVkO3 kUrL84J6E1wIqzCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18yX2NhX0lJLmNybIaBn2xkYXA6 Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz JTIwMiUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290 Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAjNfffu4bgBCzg/XbEeprS6iS GNn3Bzn1LL4GdXpoUxUc6krtXvwjshOg0wn/9vYua0Fxec3ibf2uWWuFHbhOIprt ZjluS5TmVfwLG4t3wVMTZonZKNaL80VKY7f9ewthXbhtvsPcW3nS7Yblok2+XnR8 au0WOB9/WIFaGusyiC2y8zl3gK9etmF1KdsjTYjKUCjLhdLTEKJZbtOTVAB6okaV hgWcqRmY5TFyDADiZ9lA4CQze28suVyrZZ0srHbqNZn1l7kPJOzHdiEoZa5X6AeI dUpWoNIFOqTmjZKILPPy4cHGYdtBxceb9w4aUUXCYWvcZCcXjFq32nQozZfkvQ== -----END CERTIFICATE----- # Issuer: CN=TC TrustCenter Class 3 CA II O=TC TrustCenter GmbH OU=TC TrustCenter Class 3 CA # Subject: CN=TC TrustCenter Class 3 CA II O=TC TrustCenter GmbH OU=TC TrustCenter Class 3 CA # Label: "TC TrustCenter Class 3 CA II" # Serial: 1506523511417715638772220530020799 # MD5 Fingerprint: 56:5f:aa:80:61:12:17:f6:67:21:e6:2b:6d:61:56:8e # SHA1 Fingerprint: 80:25:ef:f4:6e:70:c8:d4:72:24:65:84:fe:40:3b:8a:8d:6a:db:f5 # SHA256 Fingerprint: 8d:a0:84:fc:f9:9c:e0:77:22:f8:9b:32:05:93:98:06:fa:5c:b8:11:e1:c8:13:f6:a1:08:c7:d3:36:b3:40:8e -----BEGIN CERTIFICATE----- MIIEqjCCA5KgAwIBAgIOSkcAAQAC5aBd1j8AUb8wDQYJKoZIhvcNAQEFBQAwdjEL MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxIjAgBgNV BAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExJTAjBgNVBAMTHFRDIFRydXN0 Q2VudGVyIENsYXNzIDMgQ0EgSUkwHhcNMDYwMTEyMTQ0MTU3WhcNMjUxMjMxMjI1 OTU5WjB2MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21i SDEiMCAGA1UECxMZVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQTElMCMGA1UEAxMc VEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMyBDQSBJSTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBALTgu1G7OVyLBMVMeRwjhjEQY0NVJz/GRcekPewJDRoeIMJW Ht4bNwcwIi9v8Qbxq63WyKthoy9DxLCyLfzDlml7forkzMA5EpBCYMnMNWju2l+Q Vl/NHE1bWEnrDgFPZPosPIlY2C8u4rBo6SI7dYnWRBpl8huXJh0obazovVkdKyT2 1oQDZogkAHhg8fir/gKya/si+zXmFtGt9i4S5Po1auUZuV3bOx4a+9P/FRQI2Alq ukWdFHlgfa9Aigdzs5OW03Q0jTo3Kd5c7PXuLjHCINy+8U9/I1LZW+Jk2ZyqBwi1 Rb3R0DHBq1SfqdLDYmAD8bs5SpJKPQq5ncWg/jcCAwEAAaOCATQwggEwMA8GA1Ud EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTUovyfs8PYA9NX XAek0CSnwPIA1DCB7QYDVR0fBIHlMIHiMIHfoIHcoIHZhjVodHRwOi8vd3d3LnRy dXN0Y2VudGVyLmRlL2NybC92Mi90Y19jbGFzc18zX2NhX0lJLmNybIaBn2xkYXA6 Ly93d3cudHJ1c3RjZW50ZXIuZGUvQ049VEMlMjBUcnVzdENlbnRlciUyMENsYXNz JTIwMyUyMENBJTIwSUksTz1UQyUyMFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290 Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/Y2VydGlmaWNhdGVSZXZvY2F0aW9u TGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEANmDkcPcGIEPZIxpC8vijsrlN irTzwppVMXzEO2eatN9NDoqTSheLG43KieHPOh6sHfGcMrSOWXaiQYUlN6AT0PV8 TtXqluJucsG7Kv5sbviRmEb8yRtXW+rIGjs/sFGYPAfaLFkB2otE6OF0/ado3VS6 g0bsyEa1+K+XwDsJHI/OcpY9M1ZwvJbL2NV9IJqDnxrcOfHFcqMRA/07QlIp2+gB 95tejNaNhk4Z+rwcvsUhpYeeeC422wlxo3I0+GzjBgnyXlal092Y+tTmBvTwtiBj S+opvaqCZh77gaqnN60TGOaSw4HBM7uIHqHn4rS9MWwOUT1v+5ZWgOI2F9Hc5A== -----END CERTIFICATE----- # Issuer: CN=TC TrustCenter Universal CA I O=TC TrustCenter GmbH OU=TC TrustCenter Universal CA # Subject: CN=TC TrustCenter Universal CA I O=TC TrustCenter GmbH OU=TC TrustCenter Universal CA # Label: "TC TrustCenter Universal CA I" # Serial: 601024842042189035295619584734726 # MD5 Fingerprint: 45:e1:a5:72:c5:a9:36:64:40:9e:f5:e4:58:84:67:8c # SHA1 Fingerprint: 6b:2f:34:ad:89:58:be:62:fd:b0:6b:5c:ce:bb:9d:d9:4f:4e:39:f3 # SHA256 Fingerprint: eb:f3:c0:2a:87:89:b1:fb:7d:51:19:95:d6:63:b7:29:06:d9:13:ce:0d:5e:10:56:8a:8a:77:e2:58:61:67:e7 -----BEGIN CERTIFICATE----- MIID3TCCAsWgAwIBAgIOHaIAAQAC7LdggHiNtgYwDQYJKoZIhvcNAQEFBQAweTEL MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJDAiBgNV BAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEmMCQGA1UEAxMdVEMgVHJ1 c3RDZW50ZXIgVW5pdmVyc2FsIENBIEkwHhcNMDYwMzIyMTU1NDI4WhcNMjUxMjMx MjI1OTU5WjB5MQswCQYDVQQGEwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIg R21iSDEkMCIGA1UECxMbVEMgVHJ1c3RDZW50ZXIgVW5pdmVyc2FsIENBMSYwJAYD VQQDEx1UQyBUcnVzdENlbnRlciBVbml2ZXJzYWwgQ0EgSTCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAKR3I5ZEr5D0MacQ9CaHnPM42Q9e3s9B6DGtxnSR JJZ4Hgmgm5qVSkr1YnwCqMqs+1oEdjneX/H5s7/zA1hV0qq34wQi0fiU2iIIAI3T fCZdzHd55yx4Oagmcw6iXSVphU9VDprvxrlE4Vc93x9UIuVvZaozhDrzznq+VZeu jRIPFDPiUHDDSYcTvFHe15gSWu86gzOSBnWLknwSaHtwag+1m7Z3W0hZneTvWq3z wZ7U10VOylY0Ibw+F1tvdwxIAUMpsN0/lm7mlaoMwCC2/T42J5zjXM9OgdwZu5GQ fezmlwQek8wiSdeXhrYTCjxDI3d+8NzmzSQfO4ObNDqDNOMCAwEAAaNjMGEwHwYD VR0jBBgwFoAUkqR1LKSevoFE63n8isWVpesQdXMwDwYDVR0TAQH/BAUwAwEB/zAO BgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFJKkdSyknr6BROt5/IrFlaXrEHVzMA0G CSqGSIb3DQEBBQUAA4IBAQAo0uCG1eb4e/CX3CJrO5UUVg8RMKWaTzqwOuAGy2X1 7caXJ/4l8lfmXpWMPmRgFVp/Lw0BxbFg/UU1z/CyvwbZ71q+s2IhtNerNXxTPqYn 8aEt2hojnczd7Dwtnic0XQ/CNnm8yUpiLe1r2X1BQ3y2qsrtYbE3ghUJGooWMNjs ydZHcnhLEEYUjl8Or+zHL6sQ17bxbuyGssLoDZJz3KL0Dzq/YSMQiZxIQG5wALPT ujdEWBF6AmqI8Dc08BnprNRlc/ZpjGSUOnmFKbAWKwyCPwacx/0QK54PLLae4xW/ 2TYcuiUaUj0a7CIMHOCkoj3w6DnPgcB77V0fb8XQC9eY -----END CERTIFICATE----- # Issuer: CN=Deutsche Telekom Root CA 2 O=Deutsche Telekom AG OU=T-TeleSec Trust Center # Subject: CN=Deutsche Telekom Root CA 2 O=Deutsche Telekom AG OU=T-TeleSec Trust Center # Label: "Deutsche Telekom Root CA 2" # Serial: 38 # MD5 Fingerprint: 74:01:4a:91:b1:08:c4:58:ce:47:cd:f0:dd:11:53:08 # SHA1 Fingerprint: 85:a4:08:c0:9c:19:3e:5d:51:58:7d:cd:d6:13:30:fd:8c:de:37:bf # SHA256 Fingerprint: b6:19:1a:50:d0:c3:97:7f:7d:a9:9b:cd:aa:c8:6a:22:7d:ae:b9:67:9e:c7:0b:a3:b0:c9:d9:22:71:c1:70:d3 -----BEGIN CERTIFICATE----- MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290 IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl 6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+ xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU Cm26OWMohpLzGITY+9HPBVZkVw== -----END CERTIFICATE----- # Issuer: CN=ComSign Secured CA O=ComSign # Subject: CN=ComSign Secured CA O=ComSign # Label: "ComSign Secured CA" # Serial: 264725503855295744117309814499492384489 # MD5 Fingerprint: 40:01:25:06:8d:21:43:6a:0e:43:00:9c:e7:43:f3:d5 # SHA1 Fingerprint: f9:cd:0e:2c:da:76:24:c1:8f:bd:f0:f0:ab:b6:45:b8:f7:fe:d5:7a # SHA256 Fingerprint: 50:79:41:c7:44:60:a0:b4:70:86:22:0d:4e:99:32:57:2a:b5:d1:b5:bb:cb:89:80:ab:1c:b1:76:51:a8:44:d2 -----BEGIN CERTIFICATE----- MIIDqzCCApOgAwIBAgIRAMcoRwmzuGxFjB36JPU2TukwDQYJKoZIhvcNAQEFBQAw PDEbMBkGA1UEAxMSQ29tU2lnbiBTZWN1cmVkIENBMRAwDgYDVQQKEwdDb21TaWdu MQswCQYDVQQGEwJJTDAeFw0wNDAzMjQxMTM3MjBaFw0yOTAzMTYxNTA0NTZaMDwx GzAZBgNVBAMTEkNvbVNpZ24gU2VjdXJlZCBDQTEQMA4GA1UEChMHQ29tU2lnbjEL MAkGA1UEBhMCSUwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGtWhf HZQVw6QIVS3joFd67+l0Kru5fFdJGhFeTymHDEjWaueP1H5XJLkGieQcPOqs49oh gHMhCu95mGwfCP+hUH3ymBvJVG8+pSjsIQQPRbsHPaHA+iqYHU4Gk/v1iDurX8sW v+bznkqH7Rnqwp9D5PGBpX8QTz7RSmKtUxvLg/8HZaWSLWapW7ha9B20IZFKF3ue Mv5WJDmyVIRD9YTC2LxBkMyd1mja6YJQqTtoz7VdApRgFrFD2UNd3V2Hbuq7s8lr 9gOUCXDeFhF6K+h2j0kQmHe5Y1yLM5d19guMsqtb3nQgJT/j8xH5h2iGNXHDHYwt 6+UarA9z1YJZQIDTAgMBAAGjgacwgaQwDAYDVR0TBAUwAwEB/zBEBgNVHR8EPTA7 MDmgN6A1hjNodHRwOi8vZmVkaXIuY29tc2lnbi5jby5pbC9jcmwvQ29tU2lnblNl Y3VyZWRDQS5jcmwwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFMFL7XC29z58 ADsAj8c+DkWfHl3sMB0GA1UdDgQWBBTBS+1wtvc+fAA7AI/HPg5Fnx5d7DANBgkq hkiG9w0BAQUFAAOCAQEAFs/ukhNQq3sUnjO2QiBq1BW9Cav8cujvR3qQrFHBZE7p iL1DRYHjZiM/EoZNGeQFsOY3wo3aBijJD4mkU6l1P7CW+6tMM1X5eCZGbxs2mPtC dsGCuY7e+0X5YxtiOzkGynd6qDwJz2w2PQ8KRUtpFhpFfTMDZflScZAmlaxMDPWL kz/MdXSFmLr/YnpNH4n+rr2UAJm/EaXc4HnFFgt9AmEd6oX5AhVP51qJThRv4zdL hfXBPGHg/QVBspJ/wx2g0K5SZGBrGMYmnNj1ZOQ2GmKfig8+/21OGVZOIJFsnzQz OjRXUDpvgV4GxvU+fE6OK85lBi5d0ipTdF7Tbieejw== -----END CERTIFICATE----- # Issuer: CN=Cybertrust Global Root O=Cybertrust, Inc # Subject: CN=Cybertrust Global Root O=Cybertrust, Inc # Label: "Cybertrust Global Root" # Serial: 4835703278459682877484360 # MD5 Fingerprint: 72:e4:4a:87:e3:69:40:80:77:ea:bc:e3:f4:ff:f0:e1 # SHA1 Fingerprint: 5f:43:e5:b1:bf:f8:78:8c:ac:1c:c7:ca:4a:9a:c6:22:2b:cc:34:c6 # SHA256 Fingerprint: 96:0a:df:00:63:e9:63:56:75:0c:29:65:dd:0a:08:67:da:0b:9c:bd:6e:77:71:4a:ea:fb:23:49:ab:39:3d:a3 -----BEGIN CERTIFICATE----- MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5 7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW WL1WMRJOEcgh4LMRkWXbtKaIOM5V -----END CERTIFICATE----- # Issuer: O=Chunghwa Telecom Co., Ltd. OU=ePKI Root Certification Authority # Subject: O=Chunghwa Telecom Co., Ltd. OU=ePKI Root Certification Authority # Label: "ePKI Root Certification Authority" # Serial: 28956088682735189655030529057352760477 # MD5 Fingerprint: 1b:2e:00:ca:26:06:90:3d:ad:fe:6f:15:68:d3:6b:b3 # SHA1 Fingerprint: 67:65:0d:f1:7e:8e:7e:5b:82:40:a4:f4:56:4b:cf:e2:3d:69:c6:f0 # SHA256 Fingerprint: c0:a6:f4:dc:63:a2:4b:fd:cf:54:ef:2a:6a:08:2a:0a:72:de:35:80:3e:2f:f5:ff:52:7a:e5:d8:72:06:df:d5 -----BEGIN CERTIFICATE----- MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS /jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D hNQ+IIX3Sj0rnP0qCglN6oH4EZw= -----END CERTIFICATE----- # Issuer: CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE/Kamu Sertifikasyon Merkezi # Subject: CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE/Kamu Sertifikasyon Merkezi # Label: "T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3" # Serial: 17 # MD5 Fingerprint: ed:41:f5:8c:50:c5:2b:9c:73:e6:ee:6c:eb:c2:a8:26 # SHA1 Fingerprint: 1b:4b:39:61:26:27:6b:64:91:a2:68:6d:d7:02:43:21:2d:1f:1d:96 # SHA256 Fingerprint: e4:c7:34:30:d7:a5:b5:09:25:df:43:37:0a:0d:21:6e:9a:79:b9:d6:db:83:73:a0:c6:9e:b1:cc:31:c7:c5:2a -----BEGIN CERTIFICATE----- MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYTAlRS MRgwFgYDVQQHDA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJraXllIEJp bGltc2VsIHZlIFRla25vbG9qaWsgQXJhxZ90xLFybWEgS3VydW11IC0gVMOcQsSw VEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ryb25payB2ZSBLcmlwdG9sb2ppIEFy YcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAhBgNVBAsMGkthbXUgU2Vy dGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFUw5xCxLBUQUsgVUVLQUUgS8O2 ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMzAe Fw0wNzA4MjQxMTM3MDdaFw0xNzA4MjExMTM3MDdaMIIBKzELMAkGA1UEBhMCVFIx GDAWBgNVBAcMD0dlYnplIC0gS29jYWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmls aW1zZWwgdmUgVGVrbm9sb2ppayBBcmHFn3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBU QUsxSDBGBgNVBAsMP1VsdXNhbCBFbGVrdHJvbmlrIHZlIEtyaXB0b2xvamkgQXJh xZ90xLFybWEgRW5zdGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2FtdSBTZXJ0 aWZpa2FzeW9uIE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7Zr IFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4h gb46ezzb8R1Sf1n68yJMlaCQvEhOEav7t7WNeoMojCZG2E6VQIdhn8WebYGHV2yK O7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1xnnRFDDtG1hba+818qEhTsXO fJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR6Oqeyjh1jmKw lZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOFCKlUAwUp8MmPi+oL hmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9ggtm/oLL4eAagsNAgQID AQABo0IwQDAdBgNVHQ4EFgQUvYiHyY/2pAoLquvF/pEjnatKijIwDgYDVR0PAQH/ BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAB18+kmP NOm3JpIWmgV050vQbTlswyb2zrgxvMTfvCr4N5EY3ATIZJkrGG2AA1nJrvhY0D7t wyOfaTyGOBye79oneNGEN3GKPEs5z35FBtYt2IpNeBLWrcLTy9LQQfMmNkqblWwM 7uXRQydmwYj3erMgbOqwaSvHIOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYhLBOh gLJeDEoTniDYYkCrkOpkSi+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5n oN+J1q2MdqMTw5RhK2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUs yZyQ2uypQjyttgI= -----END CERTIFICATE----- # Issuer: CN=Buypass Class 2 CA 1 O=Buypass AS-983163327 # Subject: CN=Buypass Class 2 CA 1 O=Buypass AS-983163327 # Label: "Buypass Class 2 CA 1" # Serial: 1 # MD5 Fingerprint: b8:08:9a:f0:03:cc:1b:0d:c8:6c:0b:76:a1:75:64:23 # SHA1 Fingerprint: a0:a1:ab:90:c9:fc:84:7b:3b:12:61:e8:97:7d:5f:d3:22:61:d3:cc # SHA256 Fingerprint: 0f:4e:9c:dd:26:4b:02:55:50:d1:70:80:63:40:21:4f:e9:44:34:c9:b0:2f:69:7e:c7:10:fc:5f:ea:fb:5e:38 -----BEGIN CERTIFICATE----- MIIDUzCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJOTzEd MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3Mg Q2xhc3MgMiBDQSAxMB4XDTA2MTAxMzEwMjUwOVoXDTE2MTAxMzEwMjUwOVowSzEL MAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0wGwYD VQQDDBRCdXlwYXNzIENsYXNzIDIgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAIs8B0XY9t/mx8q6jUPFR42wWsE425KEHK8T1A9vNkYgxC7McXA0 ojTTNy7Y3Tp3L8DrKehc0rWpkTSHIln+zNvnma+WwajHQN2lFYxuyHyXA8vmIPLX l18xoS830r7uvqmtqEyeIWZDO6i88wmjONVZJMHCR3axiFyCO7srpgTXjAePzdVB HfCuuCkslFJgNJQ72uA40Z0zPhX0kzLFANq1KWYOOngPIVJfAuWSeyXTkh4vFZ2B 5J2O6O+JzhRMVB0cgRJNcKi+EAUXfh/RuFdV7c27UsKwHnjCTTZoy1YmwVLBvXb3 WNVyfh9EdrsAiR0WnVE1703CVu9r4Iw7DekCAwEAAaNCMEAwDwYDVR0TAQH/BAUw AwEB/zAdBgNVHQ4EFgQUP42aWYv8e3uco684sDntkHGA1sgwDgYDVR0PAQH/BAQD AgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAVGn4TirnoB6NLJzKyQJHyIdFkhb5jatLP gcIV1Xp+DCmsNx4cfHZSldq1fyOhKXdlyTKdqC5Wq2B2zha0jX94wNWZUYN/Xtm+ DKhQ7SLHrQVMdvvt7h5HZPb3J31cKA9FxVxiXqaakZG3Uxcu3K1gnZZkOb1naLKu BctN518fV4bVIJwo+28TOPX2EZL2fZleHwzoq0QkKXJAPTZSr4xYkHPB7GEseaHs h7U/2k3ZIQAw3pDaDtMaSKk+hQsUi4y8QZ5q9w5wwDX3OaJdZtB7WZ+oRxKaJyOk LY4ng5IgodcVf/EuGO70SH8vf/GhGLWhC5SgYiAynB321O+/TIho -----END CERTIFICATE----- # Issuer: CN=Buypass Class 3 CA 1 O=Buypass AS-983163327 # Subject: CN=Buypass Class 3 CA 1 O=Buypass AS-983163327 # Label: "Buypass Class 3 CA 1" # Serial: 2 # MD5 Fingerprint: df:3c:73:59:81:e7:39:50:81:04:4c:34:a2:cb:b3:7b # SHA1 Fingerprint: 61:57:3a:11:df:0e:d8:7e:d5:92:65:22:ea:d0:56:d7:44:b3:23:71 # SHA256 Fingerprint: b7:b1:2b:17:1f:82:1d:aa:99:0c:d0:fe:50:87:b1:28:44:8b:a8:e5:18:4f:84:c5:1e:02:b5:c8:fb:96:2b:24 -----BEGIN CERTIFICATE----- MIIDUzCCAjugAwIBAgIBAjANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJOTzEd MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3Mg Q2xhc3MgMyBDQSAxMB4XDTA1MDUwOTE0MTMwM1oXDTE1MDUwOTE0MTMwM1owSzEL MAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0wGwYD VQQDDBRCdXlwYXNzIENsYXNzIDMgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAKSO13TZKWTeXx+HgJHqTjnmGcZEC4DVC69TB4sSveZn8AKxifZg isRbsELRwCGoy+Gb72RRtqfPFfV0gGgEkKBYouZ0plNTVUhjP5JW3SROjvi6K//z NIqeKNc0n6wv1g/xpC+9UrJJhW05NfBEMJNGJPO251P7vGGvqaMU+8IXF4Rs4HyI +MkcVyzwPX6UvCWThOiaAJpFBUJXgPROztmuOfbIUxAMZTpHe2DC1vqRycZxbL2R hzyRhkmr8w+gbCZ2Xhysm3HljbybIR6c1jh+JIAVMYKWsUnTYjdbiAwKYjT+p0h+ mbEwi5A3lRyoH6UsjfRVyNvdWQrCrXig9IsCAwEAAaNCMEAwDwYDVR0TAQH/BAUw AwEB/zAdBgNVHQ4EFgQUOBTmyPCppAP0Tj4io1vy1uCtQHQwDgYDVR0PAQH/BAQD AgEGMA0GCSqGSIb3DQEBBQUAA4IBAQABZ6OMySU9E2NdFm/soT4JXJEVKirZgCFP Bdy7pYmrEzMqnji3jG8CcmPHc3ceCQa6Oyh7pEfJYWsICCD8igWKH7y6xsL+z27s EzNxZy5p+qksP2bAEllNC1QCkoS72xLvg3BweMhT+t/Gxv/ciC8HwEmdMldg0/L2 mSlf56oBzKwzqBwKu5HEA6BvtjT5htOzdlSY9EqBs1OdTUDs5XcTRa9bqh/YL0yC e/4qxFi7T/ye/QNlGioOw6UgFpRreaaiErS7GqQjel/wroQk5PMr+4okoyeYZdow dXb8GZHo2+ubPzK/QJcHJrrM85SFSnonk8+QQtS4Wxam58tAA915 -----END CERTIFICATE----- # Issuer: CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. # Subject: CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. # Label: "EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1" # Serial: 5525761995591021570 # MD5 Fingerprint: 2c:20:26:9d:cb:1a:4a:00:85:b5:b7:5a:ae:c2:01:37 # SHA1 Fingerprint: 8c:96:ba:eb:dd:2b:07:07:48:ee:30:32:66:a0:f3:98:6e:7c:ae:58 # SHA256 Fingerprint: 35:ae:5b:dd:d8:f7:ae:63:5c:ff:ba:56:82:a8:f0:0b:95:f4:84:62:c7:10:8e:e9:a0:e5:29:2b:07:4a:af:b2 -----BEGIN CERTIFICATE----- MIIF5zCCA8+gAwIBAgIITK9zQhyOdAIwDQYJKoZIhvcNAQEFBQAwgYAxODA2BgNV BAMML0VCRyBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx c8SxMTcwNQYDVQQKDC5FQkcgQmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXpt ZXRsZXJpIEEuxZ4uMQswCQYDVQQGEwJUUjAeFw0wNjA4MTcwMDIxMDlaFw0xNjA4 MTQwMDMxMDlaMIGAMTgwNgYDVQQDDC9FQkcgRWxla3Ryb25payBTZXJ0aWZpa2Eg SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTE3MDUGA1UECgwuRUJHIEJpbGnFn2ltIFRl a25vbG9qaWxlcmkgdmUgSGl6bWV0bGVyaSBBLsWeLjELMAkGA1UEBhMCVFIwggIi MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDuoIRh0DpqZhAy2DE4f6en5f2h 4fuXd7hxlugTlkaDT7byX3JWbhNgpQGR4lvFzVcfd2NR/y8927k/qqk153nQ9dAk tiHq6yOU/im/+4mRDGSaBUorzAzu8T2bgmmkTPiab+ci2hC6X5L8GCcKqKpE+i4s tPtGmggDg3KriORqcsnlZR9uKg+ds+g75AxuetpX/dfreYteIAbTdgtsApWjluTL dlHRKJ2hGvxEok3MenaoDT2/F08iiFD9rrbskFBKW5+VQarKD7JK/oCZTqNGFav4 c0JqwmZ2sQomFd2TkuzbqV9UIlKRcF0T6kjsbgNs2d1s/OsNA/+mgxKb8amTD8Um TDGyY5lhcucqZJnSuOl14nypqZoaqsNW2xCaPINStnuWt6yHd6i58mcLlEOzrz5z +kI2sSXFCjEmN1ZnuqMLfdb3ic1nobc6HmZP9qBVFCVMLDMNpkGMvQQxahByCp0O Lna9XvNRiYuoP1Vzv9s6xiQFlpJIqkuNKgPlV5EQ9GooFW5Hd4RcUXSfGenmHmMW OeMRFeNYGkS9y8RsZteEBt8w9DeiQyJ50hBs37vmExH8nYQKE3vwO9D8owrXieqW fo1IhR5kX9tUoqzVegJ5a9KK8GfaZXINFHDk6Y54jzJ0fFfy1tb0Nokb+Clsi7n2 l9GkLqq+CxnCRelwXQIDAJ3Zo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB /wQEAwIBBjAdBgNVHQ4EFgQU587GT/wWZ5b6SqMHwQSny2re2kcwHwYDVR0jBBgw FoAU587GT/wWZ5b6SqMHwQSny2re2kcwDQYJKoZIhvcNAQEFBQADggIBAJuYml2+ 8ygjdsZs93/mQJ7ANtyVDR2tFcU22NU57/IeIl6zgrRdu0waypIN30ckHrMk2pGI 6YNw3ZPX6bqz3xZaPt7gyPvT/Wwp+BVGoGgmzJNSroIBk5DKd8pNSe/iWtkqvTDO TLKBtjDOWU/aWR1qeqRFsIImgYZ29fUQALjuswnoT4cCB64kXPBfrAowzIpAoHME wfuJJPaaHFy3PApnNgUIMbOv2AFoKuB4j3TeuFGkjGwgPaL7s9QJ/XvCgKqTbCmY Iai7FvOpEl90tYeY8pUm3zTvilORiF0alKM/fCL414i6poyWqD1SNGKfAB5UVUJn xk1Gj7sURT0KlhaOEKGXmdXTMIXM3rRyt7yKPBgpaP3ccQfuJDlq+u2lrDgv+R4Q DgZxGhBM/nV+/x5XOULK1+EVoVZVWRvRo68R2E7DpSvvkL/A7IITW43WciyTTo9q Kd+FPNMN4KIYEsxVL0e3p5sC/kH2iExt2qkBR4NkJ2IQgtYSe14DHzSpyZH+r11t hie3I6p1GMog57AP14kOpmciY/SDQSsGS7tY1dHXt7kQY9iJSrSq3RZj9W6+YKH4 7ejWkE8axsWgKdOnIaj1Wjz3x0miIZpKlVIglnKaZsv30oZDfCK+lvm9AahH3eU7 QPl1K5srRmSGjR70j/sHd9DqSaIcjVIUpgqT -----END CERTIFICATE----- # Issuer: O=certSIGN OU=certSIGN ROOT CA # Subject: O=certSIGN OU=certSIGN ROOT CA # Label: "certSIGN ROOT CA" # Serial: 35210227249154 # MD5 Fingerprint: 18:98:c0:d6:e9:3a:fc:f9:b0:f5:0c:f7:4b:01:44:17 # SHA1 Fingerprint: fa:b7:ee:36:97:26:62:fb:2d:b0:2a:f6:bf:03:fd:e8:7c:4b:2f:9b # SHA256 Fingerprint: ea:a9:62:c4:fa:4a:6b:af:eb:e4:15:19:6d:35:1c:cd:88:8d:4f:53:f3:fa:8a:e6:d7:c4:66:a9:4e:60:42:bb -----BEGIN CERTIFICATE----- MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do 0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ 44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN 9u6wWk5JRFRYX0KD -----END CERTIFICATE----- # Issuer: CN=CNNIC ROOT O=CNNIC # Subject: CN=CNNIC ROOT O=CNNIC # Label: "CNNIC ROOT" # Serial: 1228079105 # MD5 Fingerprint: 21:bc:82:ab:49:c4:13:3b:4b:b2:2b:5c:6b:90:9c:19 # SHA1 Fingerprint: 8b:af:4c:9b:1d:f0:2a:92:f7:da:12:8e:b9:1b:ac:f4:98:60:4b:6f # SHA256 Fingerprint: e2:83:93:77:3d:a8:45:a6:79:f2:08:0c:c7:fb:44:a3:b7:a1:c3:79:2c:b7:eb:77:29:fd:cb:6a:8d:99:ae:a7 -----BEGIN CERTIFICATE----- MIIDVTCCAj2gAwIBAgIESTMAATANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQGEwJD TjEOMAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwHhcNMDcwNDE2 MDcwOTE0WhcNMjcwNDE2MDcwOTE0WjAyMQswCQYDVQQGEwJDTjEOMAwGA1UEChMF Q05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDTNfc/c3et6FtzF8LRb+1VvG7q6KR5smzDo+/hn7E7SIX1mlwh IhAsxYLO2uOabjfhhyzcuQxauohV3/2q2x8x6gHx3zkBwRP9SFIhxFXf2tizVHa6 dLG3fdfA6PZZxU3Iva0fFNrfWEQlMhkqx35+jq44sDB7R3IJMfAw28Mbdim7aXZO V/kbZKKTVrdvmW7bCgScEeOAH8tjlBAKqeFkgjH5jCftppkA9nCTGPihNIaj3XrC GHn2emU1z5DrvTOTn1OrczvmmzQgLx3vqR1jGqCA2wMv+SYahtKNu6m+UjqHZ0gN v7Sg2Ca+I19zN38m5pIEo3/PIKe38zrKy5nLAgMBAAGjczBxMBEGCWCGSAGG+EIB AQQEAwIABzAfBgNVHSMEGDAWgBRl8jGtKvf33VKWCscCwQ7vptU7ETAPBgNVHRMB Af8EBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUZfIxrSr3991SlgrHAsEO 76bVOxEwDQYJKoZIhvcNAQEFBQADggEBAEs17szkrr/Dbq2flTtLP1se31cpolnK OOK5Gv+e5m4y3R6u6jW39ZORTtpC4cMXYFDy0VwmuYK36m3knITnA3kXr5g9lNvH ugDnuL8BV8F3RTIMO/G0HAiw/VGgod2aHRM2mm23xzy54cXZF/qD1T0VoDy7Hgvi yJA/qIYM/PmLXoXLT1tLYhFHxUV8BS9BsZ4QaRuZluBVeftOhpm4lNqGOGqTo+fL buXf6iFViZx9fX+Y9QCJ7uOEwFyWtcVG6kbghVW2G8kS1sHNzYDzAgE8yGnLRUhj 2JTQ7IUOO04RZfSCjKY9ri4ilAnIXOo8gV0WKgOXFlUJ24pBgp5mmxE= -----END CERTIFICATE----- # Issuer: O=Japanese Government OU=ApplicationCA # Subject: O=Japanese Government OU=ApplicationCA # Label: "ApplicationCA - Japanese Government" # Serial: 49 # MD5 Fingerprint: 7e:23:4e:5b:a7:a5:b4:25:e9:00:07:74:11:62:ae:d6 # SHA1 Fingerprint: 7f:8a:b0:cf:d0:51:87:6a:66:f3:36:0f:47:c8:8d:8c:d3:35:fc:74 # SHA256 Fingerprint: 2d:47:43:7d:e1:79:51:21:5a:12:f3:c5:8e:51:c7:29:a5:80:26:ef:1f:cc:0a:5f:b3:d9:dc:01:2f:60:0d:19 -----BEGIN CERTIFICATE----- MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJKUDEc MBoGA1UEChMTSmFwYW5lc2UgR292ZXJubWVudDEWMBQGA1UECxMNQXBwbGljYXRp b25DQTAeFw0wNzEyMTIxNTAwMDBaFw0xNzEyMTIxNTAwMDBaMEMxCzAJBgNVBAYT AkpQMRwwGgYDVQQKExNKYXBhbmVzZSBHb3Zlcm5tZW50MRYwFAYDVQQLEw1BcHBs aWNhdGlvbkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp23gdE6H j6UG3mii24aZS2QNcfAKBZuOquHMLtJqO8F6tJdhjYq+xpqcBrSGUeQ3DnR4fl+K f5Sk10cI/VBaVuRorChzoHvpfxiSQE8tnfWuREhzNgaeZCw7NCPbXCbkcXmP1G55 IrmTwcrNwVbtiGrXoDkhBFcsovW8R0FPXjQilbUfKW1eSvNNcr5BViCH/OlQR9cw FO5cjFW6WY2H/CPek9AEjP3vbb3QesmlOmpyM8ZKDQUXKi17safY1vC+9D/qDiht QWEjdnjDuGWk81quzMKq2edY3rZ+nYVunyoKb58DKTCXKB28t89UKU5RMfkntigm /qJj5kEW8DOYRwIDAQABo4GeMIGbMB0GA1UdDgQWBBRUWssmP3HMlEYNllPqa0jQ k/5CdTAOBgNVHQ8BAf8EBAMCAQYwWQYDVR0RBFIwUKROMEwxCzAJBgNVBAYTAkpQ MRgwFgYDVQQKDA/ml6XmnKzlm73mlL/lupwxIzAhBgNVBAsMGuOCouODl+ODquOC seODvOOCt+ODp+ODs0NBMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD ggEBADlqRHZ3ODrso2dGD/mLBqj7apAxzn7s2tGJfHrrLgy9mTLnsCTWw//1sogJ hyzjVOGjprIIC8CFqMjSnHH2HZ9g/DgzE+Ge3Atf2hZQKXsvcJEPmbo0NI2VdMV+ eKlmXb3KIXdCEKxmJj3ekav9FfBv7WxfEPjzFvYDio+nEhEMy/0/ecGc/WLuo89U DNErXxc+4z6/wCs+CZv+iKZ+tJIX/COUgb1up8WMwusRRdv4QcmWdupwX3kSa+Sj B1oF7ydJzyGfikwJcGapJsErEU4z0g781mzSDjJkaP+tBXhfAx2o45CsJOAPQKdL rosot4LKGAfmt1t06SAZf7IbiVQ= -----END CERTIFICATE----- # Issuer: CN=GeoTrust Primary Certification Authority - G3 O=GeoTrust Inc. OU=(c) 2008 GeoTrust Inc. - For authorized use only # Subject: CN=GeoTrust Primary Certification Authority - G3 O=GeoTrust Inc. OU=(c) 2008 GeoTrust Inc. - For authorized use only # Label: "GeoTrust Primary Certification Authority - G3" # Serial: 28809105769928564313984085209975885599 # MD5 Fingerprint: b5:e8:34:36:c9:10:44:58:48:70:6d:2e:83:d4:b8:05 # SHA1 Fingerprint: 03:9e:ed:b8:0b:e7:a0:3c:69:53:89:3b:20:d2:d9:32:3a:4c:2a:fd # SHA256 Fingerprint: b4:78:b8:12:25:0d:f8:78:63:5c:2a:a7:ec:7d:15:5e:aa:62:5e:e8:29:16:e2:cd:29:43:61:88:6c:d1:fb:d4 -----BEGIN CERTIFICATE----- MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz +uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn 5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G spki4cErx5z481+oghLrGREt -----END CERTIFICATE----- # Issuer: CN=thawte Primary Root CA - G2 O=thawte, Inc. OU=(c) 2007 thawte, Inc. - For authorized use only # Subject: CN=thawte Primary Root CA - G2 O=thawte, Inc. OU=(c) 2007 thawte, Inc. - For authorized use only # Label: "thawte Primary Root CA - G2" # Serial: 71758320672825410020661621085256472406 # MD5 Fingerprint: 74:9d:ea:60:24:c4:fd:22:53:3e:cc:3a:72:d9:29:4f # SHA1 Fingerprint: aa:db:bc:22:23:8f:c4:01:a1:27:bb:38:dd:f4:1d:db:08:9e:f0:12 # SHA256 Fingerprint: a4:31:0d:50:af:18:a6:44:71:90:37:2a:86:af:af:8b:95:1f:fb:43:1d:83:7f:1e:56:88:b4:59:71:ed:15:57 -----BEGIN CERTIFICATE----- MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/ BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6 papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3 KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== -----END CERTIFICATE----- # Issuer: CN=thawte Primary Root CA - G3 O=thawte, Inc. OU=Certification Services Division/(c) 2008 thawte, Inc. - For authorized use only # Subject: CN=thawte Primary Root CA - G3 O=thawte, Inc. OU=Certification Services Division/(c) 2008 thawte, Inc. - For authorized use only # Label: "thawte Primary Root CA - G3" # Serial: 127614157056681299805556476275995414779 # MD5 Fingerprint: fb:1b:5d:43:8a:94:cd:44:c6:76:f2:43:4b:47:e7:31 # SHA1 Fingerprint: f1:8b:53:8d:1b:e9:03:b6:a6:f0:56:43:5b:17:15:89:ca:f3:6b:f2 # SHA256 Fingerprint: 4b:03:f4:58:07:ad:70:f2:1b:fc:2c:ae:71:c9:fd:e4:60:4c:06:4c:f5:ff:b6:86:ba:e5:db:aa:d7:fd:d3:4c -----BEGIN CERTIFICATE----- MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA 2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu MdRAGmI0Nj81Aa6sY6A= -----END CERTIFICATE----- # Issuer: CN=GeoTrust Primary Certification Authority - G2 O=GeoTrust Inc. OU=(c) 2007 GeoTrust Inc. - For authorized use only # Subject: CN=GeoTrust Primary Certification Authority - G2 O=GeoTrust Inc. OU=(c) 2007 GeoTrust Inc. - For authorized use only # Label: "GeoTrust Primary Certification Authority - G2" # Serial: 80682863203381065782177908751794619243 # MD5 Fingerprint: 01:5e:d8:6b:bd:6f:3d:8e:a1:31:f8:12:e0:98:73:6a # SHA1 Fingerprint: 8d:17:84:d5:37:f3:03:7d:ec:70:fe:57:8b:51:9a:99:e6:10:d7:b0 # SHA256 Fingerprint: 5e:db:7a:c4:3b:82:a0:6a:87:61:e8:d7:be:49:79:eb:f2:61:1f:7d:d7:9b:f9:1c:1c:6b:56:6a:21:9e:d7:66 -----BEGIN CERTIFICATE----- MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz rD6ogRLQy7rQkgu2npaqBA+K -----END CERTIFICATE----- # Issuer: CN=VeriSign Universal Root Certification Authority O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2008 VeriSign, Inc. - For authorized use only # Subject: CN=VeriSign Universal Root Certification Authority O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2008 VeriSign, Inc. - For authorized use only # Label: "VeriSign Universal Root Certification Authority" # Serial: 85209574734084581917763752644031726877 # MD5 Fingerprint: 8e:ad:b5:01:aa:4d:81:e4:8c:1d:d1:e1:14:00:95:19 # SHA1 Fingerprint: 36:79:ca:35:66:87:72:30:4d:30:a5:fb:87:3b:0f:a7:7b:b7:0d:54 # SHA256 Fingerprint: 23:99:56:11:27:a5:71:25:de:8c:ef:ea:61:0d:df:2f:a0:78:b5:c8:06:7f:4e:82:82:90:bf:b8:60:e8:4b:3c -----BEGIN CERTIFICATE----- MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF 9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN /BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4 sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+ seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz 4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+ BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3 7M2CYfE45k+XmCpajQ== -----END CERTIFICATE----- # Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2007 VeriSign, Inc. - For authorized use only # Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2007 VeriSign, Inc. - For authorized use only # Label: "VeriSign Class 3 Public Primary Certification Authority - G4" # Serial: 63143484348153506665311985501458640051 # MD5 Fingerprint: 3a:52:e1:e7:fd:6f:3a:e3:6f:f3:6f:99:1b:f9:22:41 # SHA1 Fingerprint: 22:d5:d8:df:8f:02:31:d1:8d:f7:9d:b7:cf:8a:2d:64:c9:3f:6c:3a # SHA256 Fingerprint: 69:dd:d7:ea:90:bb:57:c9:3e:13:5d:c8:5e:a6:fc:d5:48:0b:60:32:39:bd:c4:54:fc:75:8b:2a:26:cf:7f:79 -----BEGIN CERTIFICATE----- MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC 4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== -----END CERTIFICATE----- # Issuer: CN=NetLock Arany (Class Gold) Főtanúsítvány O=NetLock Kft. OU=Tanúsítványkiadók (Certification Services) # Subject: CN=NetLock Arany (Class Gold) Főtanúsítvány O=NetLock Kft. OU=Tanúsítványkiadók (Certification Services) # Label: "NetLock Arany (Class Gold) Főtanúsítvány" # Serial: 80544274841616 # MD5 Fingerprint: c5:a1:b7:ff:73:dd:d6:d7:34:32:18:df:fc:3c:ad:88 # SHA1 Fingerprint: 06:08:3f:59:3f:15:a1:04:a0:69:a4:6b:a9:03:d0:06:b7:97:09:91 # SHA256 Fingerprint: 6c:61:da:c3:a2:de:f0:31:50:6b:e0:36:d2:a6:fe:40:19:94:fb:d1:3d:f9:c8:d4:66:59:92:74:c4:46:ec:98 -----BEGIN CERTIFICATE----- MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C +C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= -----END CERTIFICATE----- # Issuer: CN=Staat der Nederlanden Root CA - G2 O=Staat der Nederlanden # Subject: CN=Staat der Nederlanden Root CA - G2 O=Staat der Nederlanden # Label: "Staat der Nederlanden Root CA - G2" # Serial: 10000012 # MD5 Fingerprint: 7c:a5:0f:f8:5b:9a:7d:6d:30:ae:54:5a:e3:42:a2:8a # SHA1 Fingerprint: 59:af:82:79:91:86:c7:b4:75:07:cb:cf:03:57:46:eb:04:dd:b7:16 # SHA256 Fingerprint: 66:8c:83:94:7d:a6:3b:72:4b:ec:e1:74:3c:31:a0:e6:ae:d0:db:8e:c5:b3:1b:e3:77:bb:78:4f:91:b6:71:6f -----BEGIN CERTIFICATE----- MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291 qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp 5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy 5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv 6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6 B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/ BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen 5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897 IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL +63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ== -----END CERTIFICATE----- # Issuer: CN=CA Disig O=Disig a.s. # Subject: CN=CA Disig O=Disig a.s. # Label: "CA Disig" # Serial: 1 # MD5 Fingerprint: 3f:45:96:39:e2:50:87:f7:bb:fe:98:0c:3c:20:98:e6 # SHA1 Fingerprint: 2a:c8:d5:8b:57:ce:bf:2f:49:af:f2:fc:76:8f:51:14:62:90:7a:41 # SHA256 Fingerprint: 92:bf:51:19:ab:ec:ca:d0:b1:33:2d:c4:e1:d0:5f:ba:75:b5:67:90:44:ee:0c:a2:6e:93:1f:74:4f:2f:33:cf -----BEGIN CERTIFICATE----- MIIEDzCCAvegAwIBAgIBATANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJTSzET MBEGA1UEBxMKQnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcgYS5zLjERMA8GA1UE AxMIQ0EgRGlzaWcwHhcNMDYwMzIyMDEzOTM0WhcNMTYwMzIyMDEzOTM0WjBKMQsw CQYDVQQGEwJTSzETMBEGA1UEBxMKQnJhdGlzbGF2YTETMBEGA1UEChMKRGlzaWcg YS5zLjERMA8GA1UEAxMIQ0EgRGlzaWcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw ggEKAoIBAQCS9jHBfYj9mQGp2HvycXXxMcbzdWb6UShGhJd4NLxs/LxFWYgmGErE Nx+hSkS943EE9UQX4j/8SFhvXJ56CbpRNyIjZkMhsDxkovhqFQ4/61HhVKndBpnX mjxUizkDPw/Fzsbrg3ICqB9x8y34dQjbYkzo+s7552oftms1grrijxaSfQUMbEYD XcDtab86wYqg6I7ZuUUohwjstMoVvoLdtUSLLa2GDGhibYVW8qwUYzrG0ZmsNHhW S8+2rT+MitcE5eN4TPWGqvWP+j1scaMtymfraHtuM6kMgiioTGohQBUgDCZbg8Kp FhXAJIJdKxatymP2dACw30PEEGBWZ2NFAgMBAAGjgf8wgfwwDwYDVR0TAQH/BAUw AwEB/zAdBgNVHQ4EFgQUjbJJaJ1yCCW5wCf1UJNWSEZx+Y8wDgYDVR0PAQH/BAQD AgEGMDYGA1UdEQQvMC2BE2Nhb3BlcmF0b3JAZGlzaWcuc2uGFmh0dHA6Ly93d3cu ZGlzaWcuc2svY2EwZgYDVR0fBF8wXTAtoCugKYYnaHR0cDovL3d3dy5kaXNpZy5z ay9jYS9jcmwvY2FfZGlzaWcuY3JsMCygKqAohiZodHRwOi8vY2EuZGlzaWcuc2sv Y2EvY3JsL2NhX2Rpc2lnLmNybDAaBgNVHSAEEzARMA8GDSuBHpGT5goAAAABAQEw DQYJKoZIhvcNAQEFBQADggEBAF00dGFMrzvY/59tWDYcPQuBDRIrRhCA/ec8J9B6 yKm2fnQwM6M6int0wHl5QpNt/7EpFIKrIYwvF/k/Ji/1WcbvgAa3mkkp7M5+cTxq EEHA9tOasnxakZzArFvITV734VP/Q3f8nktnbNfzg9Gg4H8l37iYC5oyOGwwoPP/ CBUz91BKez6jPiCp3C9WgArtQVCwyfTssuMmRAAOb54GvCKWU3BlxFAKRmukLyeB EicTXxChds6KezfqwzlhA5WYOudsiCUI/HloDYd9Yvi0X/vF2Ey9WLw/Q1vUHgFN PGO+I++MzVpQuGhU+QqZMxEA4Z7CRneC9VkGjCFMhwnN5ag= -----END CERTIFICATE----- # Issuer: CN=Juur-SK O=AS Sertifitseerimiskeskus # Subject: CN=Juur-SK O=AS Sertifitseerimiskeskus # Label: "Juur-SK" # Serial: 999181308 # MD5 Fingerprint: aa:8e:5d:d9:f8:db:0a:58:b7:8d:26:87:6c:82:35:55 # SHA1 Fingerprint: 40:9d:4b:d9:17:b5:5c:27:b6:9b:64:cb:98:22:44:0d:cd:09:b8:89 # SHA256 Fingerprint: ec:c3:e9:c3:40:75:03:be:e0:91:aa:95:2f:41:34:8f:f8:8b:aa:86:3b:22:64:be:fa:c8:07:90:15:74:e9:39 -----BEGIN CERTIFICATE----- MIIE5jCCA86gAwIBAgIEO45L/DANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZIhvcN AQkBFglwa2lAc2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZp dHNlZXJpbWlza2Vza3VzMRAwDgYDVQQDEwdKdXVyLVNLMB4XDTAxMDgzMDE0MjMw MVoXDTE2MDgyNjE0MjMwMVowXTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMQsw CQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEQ MA4GA1UEAxMHSnV1ci1TSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AIFxNj4zB9bjMI0TfncyRsvPGbJgMUaXhvSYRqTCZUXP00B841oiqBB4M8yIsdOB SvZiF3tfTQou0M+LI+5PAk676w7KvRhj6IAcjeEcjT3g/1tf6mTll+g/mX8MCgkz ABpTpyHhOEvWgxutr2TC+Rx6jGZITWYfGAriPrsfB2WThbkasLnE+w0R9vXW+RvH LCu3GFH+4Hv2qEivbDtPL+/40UceJlfwUR0zlv/vWT3aTdEVNMfqPxZIe5EcgEMP PbgFPtGzlc3Yyg/CQ2fbt5PgIoIuvvVoKIO5wTtpeyDaTpxt4brNj3pssAki14sL 2xzVWiZbDcDq5WDQn/413z8CAwEAAaOCAawwggGoMA8GA1UdEwEB/wQFMAMBAf8w ggEWBgNVHSAEggENMIIBCTCCAQUGCisGAQQBzh8BAQEwgfYwgdAGCCsGAQUFBwIC MIHDHoHAAFMAZQBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQB0ACAAbwBuACAAdgDk AGwAagBhAHMAdABhAHQAdQBkACAAQQBTAC0AaQBzACAAUwBlAHIAdABpAGYAaQB0 AHMAZQBlAHIAaQBtAGkAcwBrAGUAcwBrAHUAcwAgAGEAbABhAG0ALQBTAEsAIABz AGUAcgB0AGkAZgBpAGsAYQBhAHQAaQBkAGUAIABrAGkAbgBuAGkAdABhAG0AaQBz AGUAawBzMCEGCCsGAQUFBwIBFhVodHRwOi8vd3d3LnNrLmVlL2Nwcy8wKwYDVR0f BCQwIjAgoB6gHIYaaHR0cDovL3d3dy5zay5lZS9qdXVyL2NybC8wHQYDVR0OBBYE FASqekej5ImvGs8KQKcYP2/v6X2+MB8GA1UdIwQYMBaAFASqekej5ImvGs8KQKcY P2/v6X2+MA4GA1UdDwEB/wQEAwIB5jANBgkqhkiG9w0BAQUFAAOCAQEAe8EYlFOi CfP+JmeaUOTDBS8rNXiRTHyoERF5TElZrMj3hWVcRrs7EKACr81Ptcw2Kuxd/u+g kcm2k298gFTsxwhwDY77guwqYHhpNjbRxZyLabVAyJRld/JXIWY7zoVAtjNjGr95 HvxcHdMdkxuLDF2FvZkwMhgJkVLpfKG6/2SSmuz+Ne6ML678IIbsSt4beDI3poHS na9aEhbKmVv8b20OxaAehsmR0FyYgl9jDIpaq9iVpszLita/ZEuOyoqysOkhMp6q qIWYNIE5ITuoOlIyPfZrN4YGWhWY3PARZv40ILcD9EEQfTmEeZZyY7aWAuVrua0Z TbvGRNs2yyqcjg== -----END CERTIFICATE----- # Issuer: CN=Hongkong Post Root CA 1 O=Hongkong Post # Subject: CN=Hongkong Post Root CA 1 O=Hongkong Post # Label: "Hongkong Post Root CA 1" # Serial: 1000 # MD5 Fingerprint: a8:0d:6f:39:78:b9:43:6d:77:42:6d:98:5a:cc:23:ca # SHA1 Fingerprint: d6:da:a8:20:8d:09:d2:15:4d:24:b5:2f:cb:34:6e:b2:58:b2:8a:58 # SHA256 Fingerprint: f9:e6:7d:33:6c:51:00:2a:c0:54:c6:32:02:2d:66:dd:a2:e7:e3:ff:f1:0a:d0:61:ed:31:d8:bb:b4:10:cf:b2 -----BEGIN CERTIFICATE----- MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi AmvZWg== -----END CERTIFICATE----- # Issuer: CN=SecureSign RootCA11 O=Japan Certification Services, Inc. # Subject: CN=SecureSign RootCA11 O=Japan Certification Services, Inc. # Label: "SecureSign RootCA11" # Serial: 1 # MD5 Fingerprint: b7:52:74:e2:92:b4:80:93:f2:75:e4:cc:d7:f2:ea:26 # SHA1 Fingerprint: 3b:c4:9f:48:f8:f3:73:a0:9c:1e:bd:f8:5b:b1:c3:65:c7:d8:11:b3 # SHA256 Fingerprint: bf:0f:ee:fb:9e:3a:58:1a:d5:f9:e9:db:75:89:98:57:43:d2:61:08:5c:4d:31:4f:6f:5d:72:59:aa:42:16:12 -----BEGIN CERTIFICATE----- MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0 MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8 h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9 UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni 8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5 pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN QSdJQO7e5iNEOdyhIta6A/I= -----END CERTIFICATE----- # Issuer: CN=ACEDICOM Root O=EDICOM OU=PKI # Subject: CN=ACEDICOM Root O=EDICOM OU=PKI # Label: "ACEDICOM Root" # Serial: 7029493972724711941 # MD5 Fingerprint: 42:81:a0:e2:1c:e3:55:10:de:55:89:42:65:96:22:e6 # SHA1 Fingerprint: e0:b4:32:2e:b2:f6:a5:68:b6:54:53:84:48:18:4a:50:36:87:43:84 # SHA256 Fingerprint: 03:95:0f:b4:9a:53:1f:3e:19:91:94:23:98:df:a9:e0:ea:32:d7:ba:1c:dd:9b:c8:5d:b5:7e:d9:40:0b:43:4a -----BEGIN CERTIFICATE----- MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQGA1UE AwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00x CzAJBgNVBAYTAkVTMB4XDTA4MDQxODE2MjQyMloXDTI4MDQxMzE2MjQyMlowRDEW MBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZF RElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC AgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7w2rbYgIB8hiGtXxaOLHkWLn7 09gtn70yN78sFW2+tfQh0hOR2QetAQXW8713zl9CgQr5auODAKgrLlUTY4HKRxx7 XBZXehuDYAQ6PmXDzQHe3qTWDLqO3tkE7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5P Grjm6gSSrj0RuVFCPYewMYWveVqc/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAK t0SdE3QrwqXrIhWYENiLxQSfHY9g5QYbm8+5eaA9oiM/Qj9r+hwDezCNzmzAv+Yb X79nuIQZ1RXve8uQNjFiybwCq0Zfm/4aaJQ0PZCOrfbkHQl/Sog4P75n/TSW9R28 MHTLOO7VbKvU/PQAtwBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTTxKJxqvQU fecyuB+81fFOvW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI 2Sf23EgbsCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyH K9caUPgn6C9D4zq92Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEae ZAwUswdbxcJzbPEHXEUkFDWug/FqTYl6+rPYLWbwNof1K1MCAwEAAaOBqjCBpzAP BgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz4SsrSbbXc6GqlPUB53NlTKxQ MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU9QHnc2VMrFAw RAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly9hY2VkaWNv bS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEBBQUAA4ICAQDOLAtSUWIm fQwng4/F9tqgaHtPkl7qpHMyEVNEskTLnewPeUKzEKbHDZ3Ltvo/Onzqv4hTGzz3 gvoFNTPhNahXwOf9jU8/kzJPeGYDdwdY6ZXIfj7QeQCM8htRM5u8lOk6e25SLTKe I6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH1PwkzQSulgUV1qzOMPPKC8W64iLgpq0i 5ALudBF/TP94HTXa5gI06xgSYXcGCRZj6hitoocf8seACQl1ThCojz2GuHURwCRi ipZ7SkXp7FnFvmuD5uHorLUwHv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oIKiMn MCArz+2UW6yyetLHKKGKC5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZ o5NjEFIqnxQWWOLcpfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6 zqylfDJKZ0DcMDQj3dcEI2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacN GHk0vFQYXlPKNFHtRQrmjseCNj6nOGOpMCwXEGCSn1WHElkQwg9naRHMTh5+Spqt r0CodaxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3otkYNbn5XOmeUwssfnHdK Z05phkOTOPu220+DkdRgfks+KzgHVZhepA== -----END CERTIFICATE----- # Issuer: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority # Subject: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority # Label: "Verisign Class 3 Public Primary Certification Authority" # Serial: 80507572722862485515306429940691309246 # MD5 Fingerprint: ef:5a:f1:33:ef:f1:cd:bb:51:02:ee:12:14:4b:96:c4 # SHA1 Fingerprint: a1:db:63:93:91:6f:17:e4:18:55:09:40:04:15:c7:02:40:b0:ae:6b # SHA256 Fingerprint: a4:b6:b3:99:6f:c2:f3:06:b3:fd:86:81:bd:63:41:3d:8c:50:09:cc:4f:a3:29:c2:cc:f0:e2:fa:1b:14:03:05 -----BEGIN CERTIFICATE----- MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i 2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ 2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ -----END CERTIFICATE----- # Issuer: CN=Microsec e-Szigno Root CA 2009 O=Microsec Ltd. # Subject: CN=Microsec e-Szigno Root CA 2009 O=Microsec Ltd. # Label: "Microsec e-Szigno Root CA 2009" # Serial: 14014712776195784473 # MD5 Fingerprint: f8:49:f4:03:bc:44:2d:83:be:48:69:7d:29:64:fc:b1 # SHA1 Fingerprint: 89:df:74:fe:5c:f4:0f:4a:80:f9:e3:37:7d:54:da:91:e1:01:31:8e # SHA256 Fingerprint: 3c:5f:81:fe:a5:fa:b8:2c:64:bf:a2:ea:ec:af:cd:e8:e0:77:fc:86:20:a7:ca:e5:37:16:3d:f3:6e:db:f3:78 -----BEGIN CERTIFICATE----- MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 +rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c 2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW -----END CERTIFICATE----- # Issuer: CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi O=Elektronik Bilgi Guvenligi A.S. # Subject: CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi O=Elektronik Bilgi Guvenligi A.S. # Label: "E-Guven Kok Elektronik Sertifika Hizmet Saglayicisi" # Serial: 91184789765598910059173000485363494069 # MD5 Fingerprint: 3d:41:29:cb:1e:aa:11:74:cd:5d:b0:62:af:b0:43:5b # SHA1 Fingerprint: dd:e1:d2:a9:01:80:2e:1d:87:5e:84:b3:80:7e:4b:b1:fd:99:41:34 # SHA256 Fingerprint: e6:09:07:84:65:a4:19:78:0c:b6:ac:4c:1c:0b:fb:46:53:d9:d9:cc:6e:b3:94:6e:b7:f3:d6:99:97:ba:d5:98 -----BEGIN CERTIFICATE----- MIIDtjCCAp6gAwIBAgIQRJmNPMADJ72cdpW56tustTANBgkqhkiG9w0BAQUFADB1 MQswCQYDVQQGEwJUUjEoMCYGA1UEChMfRWxla3Ryb25payBCaWxnaSBHdXZlbmxp Z2kgQS5TLjE8MDoGA1UEAxMzZS1HdXZlbiBLb2sgRWxla3Ryb25payBTZXJ0aWZp a2EgSGl6bWV0IFNhZ2xheWljaXNpMB4XDTA3MDEwNDExMzI0OFoXDTE3MDEwNDEx MzI0OFowdTELMAkGA1UEBhMCVFIxKDAmBgNVBAoTH0VsZWt0cm9uaWsgQmlsZ2kg R3V2ZW5saWdpIEEuUy4xPDA6BgNVBAMTM2UtR3V2ZW4gS29rIEVsZWt0cm9uaWsg U2VydGlmaWthIEhpem1ldCBTYWdsYXlpY2lzaTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAMMSIJ6wXgBljU5Gu4Bc6SwGl9XzcslwuedLZYDBS75+PNdU MZTe1RK6UxYC6lhj71vY8+0qGqpxSKPcEC1fX+tcS5yWCEIlKBHMilpiAVDV6wlT L/jDj/6z/P2douNffb7tC+Bg62nsM+3YjfsSSYMAyYuXjDtzKjKzEve5TfL0TW3H 5tYmNwjy2f1rXKPlSFxYvEK+A1qBuhw1DADT9SN+cTAIJjjcJRFHLfO6IxClv7wC 90Nex/6wN1CZew+TzuZDLMN+DfIcQ2Zgy2ExR4ejT669VmxMvLz4Bcpk9Ok0oSy1 c+HCPujIyTQlCFzz7abHlJ+tiEMl1+E5YP6sOVkCAwEAAaNCMEAwDgYDVR0PAQH/ BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJ/uRLOU1fqRTy7ZVZoE VtstxNulMA0GCSqGSIb3DQEBBQUAA4IBAQB/X7lTW2M9dTLn+sR0GstG30ZpHFLP qk/CaOv/gKlR6D1id4k9CnU58W5dF4dvaAXBlGzZXd/aslnLpRCKysw5zZ/rTt5S /wzw9JKp8mxTq5vSR6AfdPebmvEvFZ96ZDAYBzwqD2fK/A+JYZ1lpTzlvBNbCNvj /+27BrtqBrF6T2XGgv0enIu1De5Iu7i9qgi0+6N8y5/NkHZchpZ4Vwpm+Vganf2X KWDeEaaQHBkc7gGWIjQ0LpH5t8Qn0Xvmv/uARFoW5evg1Ao4vOSR49XrXMGs3xtq fJ7lddK2l4fbzIcrQzqECK+rPNv3PGYxhrCdU3nt+CPeQuMtgvEP5fqX -----END CERTIFICATE----- # Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3 # Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3 # Label: "GlobalSign Root CA - R3" # Serial: 4835703278459759426209954 # MD5 Fingerprint: c5:df:b8:49:ca:05:13:55:ee:2d:ba:1a:c3:3e:b0:28 # SHA1 Fingerprint: d6:9b:56:11:48:f0:1c:77:c5:45:78:c1:09:26:df:5b:85:69:76:ad # SHA256 Fingerprint: cb:b5:22:d7:b7:f1:27:ad:6a:01:13:86:5b:df:1c:d4:10:2e:7d:07:59:af:63:5a:7c:f4:72:0d:c9:63:c5:3b -----BEGIN CERTIFICATE----- MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH WD9f -----END CERTIFICATE----- # Issuer: CN=TC TrustCenter Universal CA III O=TC TrustCenter GmbH OU=TC TrustCenter Universal CA # Subject: CN=TC TrustCenter Universal CA III O=TC TrustCenter GmbH OU=TC TrustCenter Universal CA # Label: "TC TrustCenter Universal CA III" # Serial: 2010889993983507346460533407902964 # MD5 Fingerprint: 9f:dd:db:ab:ff:8e:ff:45:21:5f:f0:6c:9d:8f:fe:2b # SHA1 Fingerprint: 96:56:cd:7b:57:96:98:95:d0:e1:41:46:68:06:fb:b8:c6:11:06:87 # SHA256 Fingerprint: 30:9b:4a:87:f6:ca:56:c9:31:69:aa:a9:9c:6d:98:88:54:d7:89:2b:d5:43:7e:2d:07:b2:9c:be:da:55:d3:5d -----BEGIN CERTIFICATE----- MIID4TCCAsmgAwIBAgIOYyUAAQACFI0zFQLkbPQwDQYJKoZIhvcNAQEFBQAwezEL MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJDAiBgNV BAsTG1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQTEoMCYGA1UEAxMfVEMgVHJ1 c3RDZW50ZXIgVW5pdmVyc2FsIENBIElJSTAeFw0wOTA5MDkwODE1MjdaFw0yOTEy MzEyMzU5NTlaMHsxCzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRl ciBHbWJIMSQwIgYDVQQLExtUQyBUcnVzdENlbnRlciBVbml2ZXJzYWwgQ0ExKDAm BgNVBAMTH1RDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQSBJSUkwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC2pxisLlxErALyBpXsq6DFJmzNEubkKLF 5+cvAqBNLaT6hdqbJYUtQCggbergvbFIgyIpRJ9Og+41URNzdNW88jBmlFPAQDYv DIRlzg9uwliT6CwLOunBjvvya8o84pxOjuT5fdMnnxvVZ3iHLX8LR7PH6MlIfK8v zArZQe+f/prhsq75U7Xl6UafYOPfjdN/+5Z+s7Vy+EutCHnNaYlAJ/Uqwa1D7KRT yGG299J5KmcYdkhtWyUB0SbFt1dpIxVbYYqt8Bst2a9c8SaQaanVDED1M4BDj5yj dipFtK+/fz6HP3bFzSreIMUWWMv5G/UPyw0RUmS40nZid4PxWJ//AgMBAAGjYzBh MB8GA1UdIwQYMBaAFFbn4VslQ4Dg9ozhcbyO5YAvxEjiMA8GA1UdEwEB/wQFMAMB Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRW5+FbJUOA4PaM4XG8juWAL8RI 4jANBgkqhkiG9w0BAQUFAAOCAQEAg8ev6n9NCjw5sWi+e22JLumzCecYV42Fmhfz dkJQEw/HkG8zrcVJYCtsSVgZ1OK+t7+rSbyUyKu+KGwWaODIl0YgoGhnYIg5IFHY aAERzqf2EQf27OysGh+yZm5WZ2B6dF7AbZc2rrUNXWZzwCUyRdhKBgePxLcHsU0G DeGl6/R1yrqc0L2z0zIkTO5+4nYES0lT2PLpVDP85XEfPRRclkvxOvIAu2y0+pZV CIgJwcyRGSmwIC3/yzikQOEXvnlhgP8HA4ZMTnsGnxGGjYnuJ8Tb4rwZjgvDwxPH LQNjO9Po5KIqwoIIlBZU8O8fJ5AluA0OKBtHd0e9HKgl8ZS0Zg== -----END CERTIFICATE----- # Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 # Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 # Label: "Autoridad de Certificacion Firmaprofesional CIF A62634068" # Serial: 6047274297262753887 # MD5 Fingerprint: 73:3a:74:7a:ec:bb:a3:96:a6:c2:e4:e2:c8:9b:c0:c3 # SHA1 Fingerprint: ae:c5:fb:3f:c8:e1:bf:c4:e5:4f:03:07:5a:9a:e8:00:b7:f7:b6:fa # SHA256 Fingerprint: 04:04:80:28:bf:1f:28:64:d4:8f:9a:d4:d8:32:94:36:6a:82:88:56:55:3f:3b:14:30:3f:90:14:7f:5d:40:ef -----BEGIN CERTIFICATE----- MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF 6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF 661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS 3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF 3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V -----END CERTIFICATE----- # Issuer: CN=Izenpe.com O=IZENPE S.A. # Subject: CN=Izenpe.com O=IZENPE S.A. # Label: "Izenpe.com" # Serial: 917563065490389241595536686991402621 # MD5 Fingerprint: a6:b0:cd:85:80:da:5c:50:34:a3:39:90:2f:55:67:73 # SHA1 Fingerprint: 2f:78:3d:25:52:18:a7:4a:65:39:71:b5:2c:a2:9c:45:15:6f:e9:19 # SHA256 Fingerprint: 25:30:cc:8e:98:32:15:02:ba:d9:6f:9b:1f:ba:1b:09:9e:2d:29:9e:0f:45:48:bb:91:4f:36:3b:c0:d4:53:1f -----BEGIN CERTIFICATE----- MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== -----END CERTIFICATE----- # Issuer: CN=Chambers of Commerce Root - 2008 O=AC Camerfirma S.A. # Subject: CN=Chambers of Commerce Root - 2008 O=AC Camerfirma S.A. # Label: "Chambers of Commerce Root - 2008" # Serial: 11806822484801597146 # MD5 Fingerprint: 5e:80:9e:84:5a:0e:65:0b:17:02:f3:55:18:2a:3e:d7 # SHA1 Fingerprint: 78:6a:74:ac:76:ab:14:7f:9c:6a:30:50:ba:9e:a8:7e:fe:9a:ce:3c # SHA256 Fingerprint: 06:3e:4a:fa:c4:91:df:d3:32:f3:08:9b:85:42:e9:46:17:d8:93:d7:fe:94:4e:10:a7:93:7e:e2:9d:96:93:c0 -----BEGIN CERTIFICATE----- MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9 28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR 5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s +12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5 Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1 +HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF 5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1 glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2 pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ d0jQ -----END CERTIFICATE----- # Issuer: CN=Global Chambersign Root - 2008 O=AC Camerfirma S.A. # Subject: CN=Global Chambersign Root - 2008 O=AC Camerfirma S.A. # Label: "Global Chambersign Root - 2008" # Serial: 14541511773111788494 # MD5 Fingerprint: 9e:80:ff:78:01:0c:2e:c1:36:bd:fe:96:90:6e:08:f3 # SHA1 Fingerprint: 4a:bd:ee:ec:95:0d:35:9c:89:ae:c7:52:a1:2c:5b:29:f6:d6:aa:0c # SHA256 Fingerprint: 13:63:35:43:93:34:a7:69:80:16:a0:d3:24:de:72:28:4e:07:9d:7b:52:20:bb:8f:bd:74:78:16:ee:be:ba:ca -----BEGIN CERTIFICATE----- MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r 6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z 09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B -----END CERTIFICATE----- # Issuer: CN=Go Daddy Root Certificate Authority - G2 O=GoDaddy.com, Inc. # Subject: CN=Go Daddy Root Certificate Authority - G2 O=GoDaddy.com, Inc. # Label: "Go Daddy Root Certificate Authority - G2" # Serial: 0 # MD5 Fingerprint: 80:3a:bc:22:c1:e6:fb:8d:9b:3b:27:4a:32:1b:9a:01 # SHA1 Fingerprint: 47:be:ab:c9:22:ea:e8:0e:78:78:34:62:a7:9f:45:c2:54:fd:e6:8b # SHA256 Fingerprint: 45:14:0b:32:47:eb:9c:c8:c5:b4:f0:d7:b5:30:91:f7:32:92:08:9e:6e:5a:63:e2:74:9d:d3:ac:a9:19:8e:da -----BEGIN CERTIFICATE----- MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH /PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu 9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo 2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI 4uJEvlz36hz1 -----END CERTIFICATE----- # Issuer: CN=Starfield Root Certificate Authority - G2 O=Starfield Technologies, Inc. # Subject: CN=Starfield Root Certificate Authority - G2 O=Starfield Technologies, Inc. # Label: "Starfield Root Certificate Authority - G2" # Serial: 0 # MD5 Fingerprint: d6:39:81:c6:52:7e:96:69:fc:fc:ca:66:ed:05:f2:96 # SHA1 Fingerprint: b5:1c:06:7c:ee:2b:0c:3d:f8:55:ab:2d:92:f4:fe:39:d4:e7:0f:0e # SHA256 Fingerprint: 2c:e1:cb:0b:f9:d2:f9:e1:02:99:3f:be:21:51:52:c3:b2:dd:0c:ab:de:1c:68:e5:31:9b:83:91:54:db:b7:f5 -----BEGIN CERTIFICATE----- MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg 8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 -----END CERTIFICATE----- # Issuer: CN=Starfield Services Root Certificate Authority - G2 O=Starfield Technologies, Inc. # Subject: CN=Starfield Services Root Certificate Authority - G2 O=Starfield Technologies, Inc. # Label: "Starfield Services Root Certificate Authority - G2" # Serial: 0 # MD5 Fingerprint: 17:35:74:af:7b:61:1c:eb:f4:f9:3c:e2:ee:40:f9:a2 # SHA1 Fingerprint: 92:5a:8f:8d:2c:6d:04:e0:66:5f:59:6a:ff:22:d8:63:e8:25:6f:3f # SHA256 Fingerprint: 56:8d:69:05:a2:c8:87:08:a4:b3:02:51:90:ed:cf:ed:b1:97:4a:60:6a:13:c6:e5:29:0f:cb:2a:e6:3e:da:b5 -----BEGIN CERTIFICATE----- MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk 6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn 0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN sSi6 -----END CERTIFICATE----- # Issuer: CN=AffirmTrust Commercial O=AffirmTrust # Subject: CN=AffirmTrust Commercial O=AffirmTrust # Label: "AffirmTrust Commercial" # Serial: 8608355977964138876 # MD5 Fingerprint: 82:92:ba:5b:ef:cd:8a:6f:a6:3d:55:f9:84:f6:d6:b7 # SHA1 Fingerprint: f9:b5:b6:32:45:5f:9c:be:ec:57:5f:80:dc:e9:6e:2c:c7:b2:78:b7 # SHA256 Fingerprint: 03:76:ab:1d:54:c5:f9:80:3c:e4:b2:e2:01:a0:ee:7e:ef:7b:57:b6:36:e8:a9:3c:9b:8d:48:60:c9:6f:5f:a7 -----BEGIN CERTIFICATE----- MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= -----END CERTIFICATE----- # Issuer: CN=AffirmTrust Networking O=AffirmTrust # Subject: CN=AffirmTrust Networking O=AffirmTrust # Label: "AffirmTrust Networking" # Serial: 8957382827206547757 # MD5 Fingerprint: 42:65:ca:be:01:9a:9a:4c:a9:8c:41:49:cd:c0:d5:7f # SHA1 Fingerprint: 29:36:21:02:8b:20:ed:02:f5:66:c5:32:d1:d6:ed:90:9f:45:00:2f # SHA256 Fingerprint: 0a:81:ec:5a:92:97:77:f1:45:90:4a:f3:8d:5d:50:9f:66:b5:e2:c5:8f:cd:b5:31:05:8b:0e:17:f3:f0:b4:1b -----BEGIN CERTIFICATE----- MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp 6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= -----END CERTIFICATE----- # Issuer: CN=AffirmTrust Premium O=AffirmTrust # Subject: CN=AffirmTrust Premium O=AffirmTrust # Label: "AffirmTrust Premium" # Serial: 7893706540734352110 # MD5 Fingerprint: c4:5d:0e:48:b6:ac:28:30:4e:0a:bc:f9:38:16:87:57 # SHA1 Fingerprint: d8:a6:33:2c:e0:03:6f:b1:85:f6:63:4f:7d:6a:06:65:26:32:28:27 # SHA256 Fingerprint: 70:a7:3f:7f:37:6b:60:07:42:48:90:45:34:b1:14:82:d5:bf:0e:69:8e:cc:49:8d:f5:25:77:eb:f2:e9:3b:9a -----BEGIN CERTIFICATE----- MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ +jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S 5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B 8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc 0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e KeC2uAloGRwYQw== -----END CERTIFICATE----- # Issuer: CN=AffirmTrust Premium ECC O=AffirmTrust # Subject: CN=AffirmTrust Premium ECC O=AffirmTrust # Label: "AffirmTrust Premium ECC" # Serial: 8401224907861490260 # MD5 Fingerprint: 64:b0:09:55:cf:b1:d5:99:e2:be:13:ab:a6:5d:ea:4d # SHA1 Fingerprint: b8:23:6b:00:2f:1d:16:86:53:01:55:6c:11:a4:37:ca:eb:ff:c3:bb # SHA256 Fingerprint: bd:71:fd:f6:da:97:e4:cf:62:d1:64:7a:dd:25:81:b0:7d:79:ad:f8:39:7e:b4:ec:ba:9c:5e:84:88:82:14:23 -----BEGIN CERTIFICATE----- MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D 0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== -----END CERTIFICATE----- # Issuer: CN=Certum Trusted Network CA O=Unizeto Technologies S.A. OU=Certum Certification Authority # Subject: CN=Certum Trusted Network CA O=Unizeto Technologies S.A. OU=Certum Certification Authority # Label: "Certum Trusted Network CA" # Serial: 279744 # MD5 Fingerprint: d5:e9:81:40:c5:18:69:fc:46:2c:89:75:62:0f:aa:78 # SHA1 Fingerprint: 07:e0:32:e0:20:b7:2c:3f:19:2f:06:28:a2:59:3a:19:a7:0f:06:9e # SHA256 Fingerprint: 5c:58:46:8d:55:f5:8e:49:7e:74:39:82:d2:b5:00:10:b6:d1:65:37:4a:cf:83:a7:d4:a3:2d:b7:68:c4:40:8e -----BEGIN CERTIFICATE----- MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI 03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= -----END CERTIFICATE----- # Issuer: CN=Certinomis - Autorité Racine O=Certinomis OU=0002 433998903 # Subject: CN=Certinomis - Autorité Racine O=Certinomis OU=0002 433998903 # Label: "Certinomis - Autorité Racine" # Serial: 1 # MD5 Fingerprint: 7f:30:78:8c:03:e3:ca:c9:0a:e2:c9:ea:1e:aa:55:1a # SHA1 Fingerprint: 2e:14:da:ec:28:f0:fa:1e:8e:38:9a:4e:ab:eb:26:c0:0a:d3:83:c3 # SHA256 Fingerprint: fc:bf:e2:88:62:06:f7:2b:27:59:3c:8b:07:02:97:e1:2d:76:9e:d1:0e:d7:93:07:05:a8:09:8e:ff:c1:4d:17 -----BEGIN CERTIFICATE----- MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjET MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAk BgNVBAMMHUNlcnRpbm9taXMgLSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4 Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNl cnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYwJAYDVQQDDB1DZXJ0 aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP ADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jY F1AMnmHawE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N 8y4oH3DfVS9O7cdxbwlyLu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWe rP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K /OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92NjMD2AR5vpTESOH2VwnHu 7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9qc1pkIuVC 28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6 lSTClrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1E nn1So2+WLhl+HPNbxxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB 0iSVL1N6aaLwD4ZFjliCK0wi1F6g530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql09 5gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna4NH4+ej9Uji29YnfAgMBAAGj WzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQN jLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9s ov3/4gbIOZ/xWqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZM OH8oMDX/nyNTt7buFHAAQCvaR6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q 619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40nJ+U8/aGH88bc62UeYdocMMzpXDn 2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1BCxMjidPJC+iKunqj o3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjvJL1v nxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG 5ERQL1TEqkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWq pdEdnV1j6CTmNhTih60bWfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZb dsLLO7XSAPCjDuGtbkD326C00EauFddEwk01+dIL8hf2rGbVJLJP0RyZwG71fet0 BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/vgt2Fl43N+bYdJeimUV5 -----END CERTIFICATE----- # Issuer: CN=Root CA Generalitat Valenciana O=Generalitat Valenciana OU=PKIGVA # Subject: CN=Root CA Generalitat Valenciana O=Generalitat Valenciana OU=PKIGVA # Label: "Root CA Generalitat Valenciana" # Serial: 994436456 # MD5 Fingerprint: 2c:8c:17:5e:b1:54:ab:93:17:b5:36:5a:db:d1:c6:f2 # SHA1 Fingerprint: a0:73:e5:c5:bd:43:61:0d:86:4c:21:13:0a:85:58:57:cc:9c:ea:46 # SHA256 Fingerprint: 8c:4e:df:d0:43:48:f3:22:96:9e:7e:29:a4:cd:4d:ca:00:46:55:06:1c:16:e1:b0:76:42:2e:f3:42:ad:63:0e -----BEGIN CERTIFICATE----- MIIGizCCBXOgAwIBAgIEO0XlaDANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJF UzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJ R1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwHhcN MDEwNzA2MTYyMjQ3WhcNMjEwNzAxMTUyMjQ3WjBoMQswCQYDVQQGEwJFUzEfMB0G A1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJR1ZBMScw JQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGKqtXETcvIorKA3Qdyu0togu8M1JAJke+ WmmmO3I2F0zo37i7L3bhQEZ0ZQKQUgi0/6iMweDHiVYQOTPvaLRfX9ptI6GJXiKj SgbwJ/BXufjpTjJ3Cj9BZPPrZe52/lSqfR0grvPXdMIKX/UIKFIIzFVd0g/bmoGl u6GzwZTNVOAydTGRGmKy3nXiz0+J2ZGQD0EbtFpKd71ng+CT516nDOeB0/RSrFOy A8dEJvt55cs0YFAQexvba9dHq198aMpunUEDEO5rmXteJajCq+TA81yc477OMUxk Hl6AovWDfgzWyoxVjr7gvkkHD6MkQXpYHYTqWBLI4bft75PelAgxAgMBAAGjggM7 MIIDNzAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnBr aS5ndmEuZXMwEgYDVR0TAQH/BAgwBgEB/wIBAjCCAjQGA1UdIASCAiswggInMIIC IwYKKwYBBAG/VQIBADCCAhMwggHoBggrBgEFBQcCAjCCAdoeggHWAEEAdQB0AG8A cgBpAGQAYQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEAYwBpAPMAbgAgAFIA YQDtAHoAIABkAGUAIABsAGEAIABHAGUAbgBlAHIAYQBsAGkAdABhAHQAIABWAGEA bABlAG4AYwBpAGEAbgBhAC4ADQAKAEwAYQAgAEQAZQBjAGwAYQByAGEAYwBpAPMA bgAgAGQAZQAgAFAAcgDhAGMAdABpAGMAYQBzACAAZABlACAAQwBlAHIAdABpAGYA aQBjAGEAYwBpAPMAbgAgAHEAdQBlACAAcgBpAGcAZQAgAGUAbAAgAGYAdQBuAGMA aQBvAG4AYQBtAGkAZQBuAHQAbwAgAGQAZQAgAGwAYQAgAHAAcgBlAHMAZQBuAHQA ZQAgAEEAdQB0AG8AcgBpAGQAYQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEA YwBpAPMAbgAgAHMAZQAgAGUAbgBjAHUAZQBuAHQAcgBhACAAZQBuACAAbABhACAA ZABpAHIAZQBjAGMAaQDzAG4AIAB3AGUAYgAgAGgAdAB0AHAAOgAvAC8AdwB3AHcA LgBwAGsAaQAuAGcAdgBhAC4AZQBzAC8AYwBwAHMwJQYIKwYBBQUHAgEWGWh0dHA6 Ly93d3cucGtpLmd2YS5lcy9jcHMwHQYDVR0OBBYEFHs100DSHHgZZu90ECjcPk+y eAT8MIGVBgNVHSMEgY0wgYqAFHs100DSHHgZZu90ECjcPk+yeAT8oWykajBoMQsw CQYDVQQGEwJFUzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0G A1UECxMGUEtJR1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVu Y2lhbmGCBDtF5WgwDQYJKoZIhvcNAQEFBQADggEBACRhTvW1yEICKrNcda3Fbcrn lD+laJWIwVTAEGmiEi8YPyVQqHxK6sYJ2fR1xkDar1CdPaUWu20xxsdzCkj+IHLt b8zog2EWRpABlUt9jppSCS/2bxzkoXHPjCpaF3ODR00PNvsETUlR4hTJZGH71BTg 9J63NI8KJr2XXPR5OkowGcytT6CYirQxlyric21+eLj4iIlPsSKRZEv1UN4D2+XF ducTZnV+ZfsBn5OHiJ35Rld8TWCvmHMTI6QgkYH60GFmuH3Rr9ZvHmw96RH9qfmC IoaZM3Fa6hlXPZHNqcCjbgcTpsnt+GijnsNacgmHKNHEc8RzGF9QdRYxn7fofMM= -----END CERTIFICATE----- # Issuer: CN=A-Trust-nQual-03 O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH OU=A-Trust-nQual-03 # Subject: CN=A-Trust-nQual-03 O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH OU=A-Trust-nQual-03 # Label: "A-Trust-nQual-03" # Serial: 93214 # MD5 Fingerprint: 49:63:ae:27:f4:d5:95:3d:d8:db:24:86:b8:9c:07:53 # SHA1 Fingerprint: d3:c0:63:f2:19:ed:07:3e:34:ad:5d:75:0b:32:76:29:ff:d5:9a:f2 # SHA256 Fingerprint: 79:3c:bf:45:59:b9:fd:e3:8a:b2:2d:f1:68:69:f6:98:81:ae:14:c4:b0:13:9a:c7:88:a7:8a:1a:fc:ca:02:fb -----BEGIN CERTIFICATE----- MIIDzzCCAregAwIBAgIDAWweMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MDgxNzIyMDAw MFoXDTE1MDgxNzIyMDAwMFowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH 2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1 k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs 2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC AQEAVdRU0VlIXLOThaq/Yy/kgM40ozRiPvbY7meIMQQDbwvUB/tOdQ/TLtPAF8fG KOwGDREkDg6lXb+MshOWcdzUzg4NCmgybLlBMRmrsQd7TZjTXLDR8KdCoLXEjq/+ 8T/0709GAHbrAvv5ndJAlseIOrifEXnzgGWovR/TeIGgUUw3tKZdJXDRZslo+S4R FGjxVJgIrCaSD96JntT6s3kr0qN51OyLrIdTaEJMUVF0HhsnLuP1Hyl0Te2v9+GS mYHovjrHF1D2t8b8m7CKa9aIA5GPBnc6hQLdmNVDeD/GMBWsm2vLV7eJUYs66MmE DNuxUCAKGkq6ahq97BvIxYSazQ== -----END CERTIFICATE----- # Issuer: CN=TWCA Root Certification Authority O=TAIWAN-CA OU=Root CA # Subject: CN=TWCA Root Certification Authority O=TAIWAN-CA OU=Root CA # Label: "TWCA Root Certification Authority" # Serial: 1 # MD5 Fingerprint: aa:08:8f:f6:f9:7b:b7:f2:b1:a7:1e:9b:ea:ea:bd:79 # SHA1 Fingerprint: cf:9e:87:6d:d3:eb:fc:42:26:97:a3:b5:a3:7a:a0:76:a9:06:23:48 # SHA256 Fingerprint: bf:d8:8f:e1:10:1c:41:ae:3e:80:1b:f8:be:56:35:0e:e9:ba:d1:a6:b9:bd:51:5e:dc:5c:6d:5b:87:11:ac:44 -----BEGIN CERTIFICATE----- MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx 3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== -----END CERTIFICATE----- # Issuer: O=SECOM Trust Systems CO.,LTD. OU=Security Communication RootCA2 # Subject: O=SECOM Trust Systems CO.,LTD. OU=Security Communication RootCA2 # Label: "Security Communication RootCA2" # Serial: 0 # MD5 Fingerprint: 6c:39:7d:a4:0e:55:59:b2:3f:d6:41:b1:12:50:de:43 # SHA1 Fingerprint: 5f:3b:8c:f2:f8:10:b3:7d:78:b4:ce:ec:19:19:c3:73:34:b9:c7:74 # SHA256 Fingerprint: 51:3b:2c:ec:b8:10:d4:cd:e5:dd:85:39:1a:df:c6:c2:dd:60:d8:7b:b7:36:d2:b5:21:48:4a:a4:7a:0e:be:f6 -----BEGIN CERTIFICATE----- MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy 1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 -----END CERTIFICATE----- # Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011 O=Hellenic Academic and Research Institutions Cert. Authority # Subject: CN=Hellenic Academic and Research Institutions RootCA 2011 O=Hellenic Academic and Research Institutions Cert. Authority # Label: "Hellenic Academic and Research Institutions RootCA 2011" # Serial: 0 # MD5 Fingerprint: 73:9f:4c:4b:73:5b:79:e9:fa:ba:1c:ef:6e:cb:d5:c9 # SHA1 Fingerprint: fe:45:65:9b:79:03:5b:98:a1:61:b5:51:2e:ac:da:58:09:48:22:4d # SHA256 Fingerprint: bc:10:4f:15:a4:8b:e7:09:dc:a5:42:a7:e1:d4:b9:df:6f:05:45:27:e8:02:ea:a9:2d:59:54:44:25:8a:fe:71 -----BEGIN CERTIFICATE----- MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD 75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp 5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p 6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI l7WdmplNsDz4SgCbZN2fOUvRJ9e4 -----END CERTIFICATE----- # Issuer: CN=Actalis Authentication Root CA O=Actalis S.p.A./03358520967 # Subject: CN=Actalis Authentication Root CA O=Actalis S.p.A./03358520967 # Label: "Actalis Authentication Root CA" # Serial: 6271844772424770508 # MD5 Fingerprint: 69:c1:0d:4f:07:a3:1b:c3:fe:56:3d:04:bc:11:f6:a6 # SHA1 Fingerprint: f3:73:b3:87:06:5a:28:84:8a:f2:f3:4a:ce:19:2b:dd:c7:8e:9c:ac # SHA256 Fingerprint: 55:92:60:84:ec:96:3a:64:b9:6e:2a:be:01:ce:0b:a8:6a:64:fb:fe:bc:c7:aa:b5:af:c1:55:b3:7f:d7:60:66 -----BEGIN CERTIFICATE----- MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX 4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ 51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== -----END CERTIFICATE----- # Issuer: O=Trustis Limited OU=Trustis FPS Root CA # Subject: O=Trustis Limited OU=Trustis FPS Root CA # Label: "Trustis FPS Root CA" # Serial: 36053640375399034304724988975563710553 # MD5 Fingerprint: 30:c9:e7:1e:6b:e6:14:eb:65:b2:16:69:20:31:67:4d # SHA1 Fingerprint: 3b:c0:38:0b:33:c3:f6:a6:0c:86:15:22:93:d9:df:f5:4b:81:c0:04 # SHA256 Fingerprint: c1:b4:82:99:ab:a5:20:8f:e9:63:0a:ce:55:ca:68:a0:3e:da:5a:51:9c:88:02:a0:d3:a6:73:be:8f:8e:55:7d -----BEGIN CERTIFICATE----- MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx MzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1RydXN0aXMgTGltaXRlZDEc MBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQRUN+ AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihH iTHcDnlkH5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjj vSkCqPoc4Vu5g6hBSLwacY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA 0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zto3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlB OrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEAAaNTMFEwDwYDVR0TAQH/ BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAdBgNVHQ4E FgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01 GX2cGE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmW zaD+vkAMXBJV+JOCyinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP4 1BIy+Q7DsdwyhEQsb8tGD+pmQQ9P8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZE f1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/rGXuhg8F jZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN ZetX2fNXlrtIzYE= -----END CERTIFICATE----- # Issuer: CN=StartCom Certification Authority O=StartCom Ltd. OU=Secure Digital Certificate Signing # Subject: CN=StartCom Certification Authority O=StartCom Ltd. OU=Secure Digital Certificate Signing # Label: "StartCom Certification Authority" # Serial: 45 # MD5 Fingerprint: c9:3b:0d:84:41:fc:a4:76:79:23:08:57:de:10:19:16 # SHA1 Fingerprint: a3:f1:33:3f:e2:42:bf:cf:c5:d1:4e:8f:39:42:98:40:68:10:d1:a0 # SHA256 Fingerprint: e1:78:90:ee:09:a3:fb:f4:f4:8b:9c:41:4a:17:d6:37:b7:a5:06:47:e9:bc:75:23:22:72:7f:cc:17:42:a9:11 -----BEGIN CERTIFICATE----- MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEW MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM3WhcNMzYwOTE3MTk0NjM2WjB9 MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w +2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B 26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID AQABo4ICEDCCAgwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD VR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMB8GA1UdIwQYMBaAFE4L7xqkQFul F2mHMMo0aEPQQa7yMIIBWgYDVR0gBIIBUTCCAU0wggFJBgsrBgEEAYG1NwEBATCC ATgwLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5w ZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL2ludGVybWVk aWF0ZS5wZGYwgc8GCCsGAQUFBwICMIHCMCcWIFN0YXJ0IENvbW1lcmNpYWwgKFN0 YXJ0Q29tKSBMdGQuMAMCAQEagZZMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0aGUg c2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0 aWZpY2F0aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93 d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgG CWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1 dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAgEAjo/n3JR5fPGFf59Jb2vKXfuM/gTF wWLRfUKKvFO3lANmMD+x5wqnUCBVJX92ehQN6wQOQOY+2IirByeDqXWmN3PH/UvS Ta0XQMhGvjt/UfzDtgUx3M2FIk5xt/JxXrAaxrqTi3iSSoX4eA+D/i+tLPfkpLst 0OcNOrg+zvZ49q5HJMqjNTbOx8aHmNrs++myziebiMMEofYLWWivydsQD032ZGNc pRJvkrKTlMeIFw6Ttn5ii5B/q06f/ON1FE8qMt9bDeD1e5MNq6HPh+GlBEXoPBKl CcWw0bdT82AUuoVpaiF8H3VhFyAXe2w7QSlc4axa0c2Mm+tgHRns9+Ww2vl5GKVF P0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA2MFrLH9ZXF2RsXAiV+uKa0hK 1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBsHvUwyKMQ5bLm KhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ 8dCAWZvLMdibD4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnm fyWl8kgAwKQB2j8= -----END CERTIFICATE----- # Issuer: CN=StartCom Certification Authority G2 O=StartCom Ltd. # Subject: CN=StartCom Certification Authority G2 O=StartCom Ltd. # Label: "StartCom Certification Authority G2" # Serial: 59 # MD5 Fingerprint: 78:4b:fb:9e:64:82:0a:d3:b8:4c:62:f3:64:f2:90:64 # SHA1 Fingerprint: 31:f1:fd:68:22:63:20:ee:c6:3b:3f:9d:ea:4a:3e:53:7c:7c:39:17 # SHA256 Fingerprint: c7:ba:65:67:de:93:a7:98:ae:1f:aa:79:1e:71:2d:37:8f:ae:1f:93:c4:39:7f:ea:44:1b:b7:cb:e6:fd:59:95 -----BEGIN CERTIFICATE----- MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEW MBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlm aWNhdGlvbiBBdXRob3JpdHkgRzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1 OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoG A1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRzIwggIiMA0G CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8Oo1XJ JZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsD vfOpL9HG4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnoo D/Uefyf3lLE3PbfHkffiAez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/ Q0kGi4xDuFby2X8hQxfqp0iVAXV16iulQ5XqFYSdCI0mblWbq9zSOdIxHWDirMxW RST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbsO+wmETRIjfaAKxojAuuK HDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8HvKTlXcxN nw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM 0D4LnMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/i UUjXuG+v+E5+M5iSFGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9 Ha90OrInwMEePnWjFqmveiJdnxMaz6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHg TuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE AwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJKoZIhvcNAQEL BQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K 2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfX UfEpY9Z1zRbkJ4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl 6/2o1PXWT6RbdejF0mCy2wl+JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK 9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG/+gyRr61M3Z3qAFdlsHB1b6uJcDJ HgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTcnIhT76IxW1hPkWLI wpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/XldblhY XzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5l IxKVCCIcl85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoo hdVddLHRDiBYmxOlsGOm7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulr so8uBtjRkcfGEvRM/TAXw8HaOFvjqermobp573PYtlNXLfbQ4ddI -----END CERTIFICATE----- # Issuer: CN=Buypass Class 2 Root CA O=Buypass AS-983163327 # Subject: CN=Buypass Class 2 Root CA O=Buypass AS-983163327 # Label: "Buypass Class 2 Root CA" # Serial: 2 # MD5 Fingerprint: 46:a7:d2:fe:45:fb:64:5a:a8:59:90:9b:78:44:9b:29 # SHA1 Fingerprint: 49:0a:75:74:de:87:0a:47:fe:58:ee:f6:c7:6b:eb:c6:0b:12:40:99 # SHA256 Fingerprint: 9a:11:40:25:19:7c:5b:b9:5d:94:e6:3d:55:cd:43:79:08:47:b6:46:b2:3c:df:11:ad:a4:a0:0e:ff:15:fb:48 -----BEGIN CERTIFICATE----- MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr 6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN 9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h 9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo +fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h 3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= -----END CERTIFICATE----- # Issuer: CN=Buypass Class 3 Root CA O=Buypass AS-983163327 # Subject: CN=Buypass Class 3 Root CA O=Buypass AS-983163327 # Label: "Buypass Class 3 Root CA" # Serial: 2 # MD5 Fingerprint: 3d:3b:18:9e:2c:64:5a:e8:d5:88:ce:0e:f9:37:c2:ec # SHA1 Fingerprint: da:fa:f7:fa:66:84:ec:06:8f:14:50:bd:c7:c2:81:a5:bc:a9:64:57 # SHA256 Fingerprint: ed:f7:eb:bc:a2:7a:2a:38:4d:38:7b:7d:40:10:c6:66:e2:ed:b4:84:3e:4c:29:b4:ae:1d:5b:93:32:e6:b2:4d -----BEGIN CERTIFICATE----- MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX 0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c /3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D 34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv 033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq 4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= -----END CERTIFICATE----- # Issuer: CN=T-TeleSec GlobalRoot Class 3 O=T-Systems Enterprise Services GmbH OU=T-Systems Trust Center # Subject: CN=T-TeleSec GlobalRoot Class 3 O=T-Systems Enterprise Services GmbH OU=T-Systems Trust Center # Label: "T-TeleSec GlobalRoot Class 3" # Serial: 1 # MD5 Fingerprint: ca:fb:40:a8:4e:39:92:8a:1d:fe:8e:2f:c4:27:ea:ef # SHA1 Fingerprint: 55:a6:72:3e:cb:f2:ec:cd:c3:23:74:70:19:9d:2a:be:11:e3:81:d1 # SHA256 Fingerprint: fd:73:da:d3:1c:64:4f:f1:b4:3b:ef:0c:cd:da:96:71:0b:9c:d9:87:5e:ca:7e:31:70:7a:f3:e9:6d:52:2b:bd -----BEGIN CERTIFICATE----- MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN 8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ 1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT 91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p TpPDpFQUWw== -----END CERTIFICATE----- # Issuer: CN=EE Certification Centre Root CA O=AS Sertifitseerimiskeskus # Subject: CN=EE Certification Centre Root CA O=AS Sertifitseerimiskeskus # Label: "EE Certification Centre Root CA" # Serial: 112324828676200291871926431888494945866 # MD5 Fingerprint: 43:5e:88:d4:7d:1a:4a:7e:fd:84:2e:52:eb:01:d4:6f # SHA1 Fingerprint: c9:a8:b9:e7:55:80:5e:58:e3:53:77:a7:25:eb:af:c3:7b:27:cc:d7 # SHA256 Fingerprint: 3e:84:ba:43:42:90:85:16:e7:75:73:c0:99:2f:09:79:ca:08:4e:46:85:68:1f:f1:95:cc:ba:8a:22:9b:8a:76 -----BEGIN CERTIFICATE----- MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1 MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG CSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEy MTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNl ZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBS b290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUy euuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvO bntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIw WFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/d MtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE 1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYD VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/ zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYB BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF BQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGV v9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQG E5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIW iAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/v GVCJYMzpJJUPwssd8m92kMfMdcGWxZ0= -----END CERTIFICATE----- tlsdate-0.0.7/configure.ac000066400000000000000000000511011230412117200154330ustar00rootroot00000000000000AC_INIT([tlsdate],[0.0.7],[jacob at appelbaum.net]) AC_CONFIG_AUX_DIR([config]) AC_CONFIG_MACRO_DIR([m4]) AC_CANONICAL_TARGET AC_ARG_PROGRAM AC_USE_SYSTEM_EXTENSIONS AM_INIT_AUTOMAKE([-Wall -Werror -Wno-portability subdir-objects foreign tar-ustar]) AC_PREREQ([2.63]) AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. PKG_PROG_PKG_CONFIG LT_PREREQ([2.2]) LT_INIT LT_LANG([C]) gl_VISIBILITY m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) CONFIG_EXTRA AX_PLATFORM dnl Here we should build a small program to fetch the build system time in a portable dnl manner. We have no Win32 users, we can fix this if we ever find one that dnl cares. COMPILE_DATE=`date +%s` AC_SUBST([COMPILE_DATE]) AC_DEFINE_UNQUOTED([RECENT_COMPILE_DATE], [(uint32_t) ${COMPILE_DATE}], [Time in seconds since the Disco epoch at build time]) dnl Build up the directory we will use to install certs TLSDATE_CA_ROOTS="${sysconfdir}/$PACKAGE_NAME/ca-roots" AC_SUBST([TLSDATE_CA_ROOTS]) dnl Place we install our config file TLSDATE_CONF_DIR="${sysconfdir}/$PACKAGE_NAME/" AC_SUBST([TLSDATE_CONF_DIR]) dnl HTTPS User-agent AC_ARG_WITH([https-user-agent], [AS_HELP_STRING([--with-https-user-agent=AGENT], [a User-Agent value to send when running in HTTPS mode])], [], [with_https_user_agent="TLSDate/1.0"]) AC_DEFINE_UNQUOTED([HTTPS_USER_AGENT], ["${with_https_user_agent}"], [User-Agent value to send when running as an HTTPS client]) dnl check for PolarSSL OPT_POLARSSL=yes AC_MSG_CHECKING([PolarSSL]) AC_ARG_WITH([polarssl], [AS_HELP_STRING([--with-polarssl=DIR], [where to look for PolarSSL, DIR points to the installation root])]) AS_CASE([$with_polarssl], [""|yes|no], [POLARSSL_DIR=""], [*], [POLARSSL_DIR=$with_polarssl]) OPT_POLARSSL=$with_polarssl SSL_FLAGS="" SSL_LDFLAGS="" SSL_LIBS="-lssl -lcrypto" AS_IF([test "x${OPT_POLARSSL}" != "xno"], [ AS_IF([test -z "${POLARSSL_DIR}"], [ dnl check for lib first without setting any new path AC_CHECK_LIB(polarssl, ssl_init, dnl libpolarssl found, set the variable [ AC_DEFINE(USE_POLARSSL, 1, [if PolarSSL is enabled]) AC_SUBST(USE_POLARSSL, [1]) POLARSSL_ENABLED=1 USE_POLARSSL="yes" ]) ]) addld="" addlib="" addcflags="" polarssllib="" AS_IF([test "x${USE_POLARSSL}" != "xyes"], [ dnl add the path and test again addld=-L${POLARSSL_DIR}/lib$libsuff addcflags=-I${POLARSSL_DIR}/include polarssllib=${POLARSSL_DIR}/lib$libsuff LDFLAGS="$LDFLAGS $addld" AS_IF([test "$addcflags" != "-I/usr/include"], [ AX_APPEND_COMPILE_FLAGS(["$addcflags"]) CPPFLAGS="$CPPFLAGS $addcflags" ]) AC_CHECK_LIB(polarssl, ssl_init, [ AC_DEFINE(USE_POLARSSL, 1, [if PolarSSL is enabled]) AC_SUBST(USE_POLARSSL, [1]) POLARSSL_ENABLED=1 USE_POLARSSL="yes" SSL_CFLAGS=$addcflags SSL_LDFLAGS=$addld ]) ]) AS_IF([test "x${USE_POLARSSL}" = "xyes"], [ AC_MSG_NOTICE([detected PolarSSL]) SSL_LIBS="-lpolarssl" AS_IF([test -n "$polarssllib"], [ dnl when shared libs were found in a path that the run-time dnl linker doesn't search through, we need to add it to dnl LD_LIBRARY_PATH to prevent further configure tests to fail dnl due to this AS_IF([test "x$cross_compiling" != "xyes"], [ LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$polarssllib" export LD_LIBRARY_PATH AC_MSG_NOTICE([Added $polarssllib to LD_LIBRARY_PATH]) ]) ]) ]) ]) AC_SUBST(SSL_CFLAGS) AC_SUBST(SSL_LDFLAGS) AC_SUBST(SSL_LIBS) AM_CONDITIONAL(POLARSSL, test "x${USE_POLARSSL}" = "xyes") dnl Required headers AS_IF([test "x${USE_POLARSSL}" != "xyes"], [ dnl First check to see if openssl is installed AC_CHECK_HEADERS([openssl/ssl.h], ,[AC_MSG_ERROR([OpenSSL is not installed, openssl/sslh is missing])]) AC_CHECK_HEADERS([openssl/bio.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([openssl/err.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([openssl/evp.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) ]) AC_CHECK_HEADERS([arpa/inet.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([getopt.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([grp.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([pwd.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([stdint.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([stdio.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([stdlib.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([sys/mman.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([sys/socket.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([sys/time.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([sys/types.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([sys/wait.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([time.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([unistd.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([linux/rtc.h]) AC_CHECK_TYPES([struct rtc_time], [], [], [ #ifdef HAVE_LINUX_RTC_H #include #endif ]) AC_CHECK_FUNCS([strchrnul]) AM_CONDITIONAL(HAVE_STRCHRNUL, [test "x${ac_cv_func_strchrnul}" = xyes]) AC_CHECK_FUNCS([strnlen]) AM_CONDITIONAL(HAVE_STRNLEN, [test "x${ac_cv_func_strnlen}" = xyes]) AC_CHECK_FUNCS([setresuid]) AC_CHECK_FUNCS([gettimeofday]) AC_CHECK_FUNCS([fmemopen funopen]) AM_CONDITIONAL(HAVE_FMEMOPEN, [test "x${ac_cv_func_fmemopen}" = xyes]) AM_CONDITIONAL(HAVE_FUNOPEN, [test "x${ac_cv_func_funopen}" = xyes]) case "$host" in *-darwin*) dnl This is for Mac OS X (10.8.2) AC_CHECK_HEADERS([mach/clock.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_CHECK_HEADERS([mach/mach.h], ,[AC_MSG_ERROR([Required headers missing; compilation will not succeed])]) AC_ARG_WITH([unpriv-group], [AS_HELP_STRING([--with-unpriv-group=], [Group to drop privs to @<:@default: nogroup@:>@])]) AS_CASE([$with_unpriv_group], [""|yes|no], [UNPRIV_GROUP="nobody"], [*], [UNPRIV_GROUP=$with_unpriv_group]) AC_DEFINE_UNQUOTED([UNPRIV_GROUP], ["${UNPRIV_GROUP}"], [Unprivileged group]) ;; *-freebsd*) dnl This is for FreeBSD dnl clock_gettime is either part of libc or unavailable. AC_CHECK_FUNC([clock_gettime], , [AC_MSG_ERROR([Your system lacks clock_gettime])]) dnl If the autoconf goo picks up a compiler that runs in pre-POSIX mode, dnl the fmemopen prototype is hidden causing the unit tests to segfault. dnl This can happen if gcc is a symlink to gcc46 and is preferred to clang. AC_CHECK_FUNC([fmemopen], , [AC_MSG_ERROR([Missing fmemopen, unit tests are likely to segfault. Try CC=clang.])]) AC_ARG_WITH([unpriv-group], [AS_HELP_STRING([--with-unpriv-group=], [Group to drop privs to @<:@default: nobody@:>@])]) AS_CASE([$with_unpriv_group], [""|yes|no], [UNPRIV_GROUP="nobody"], [*], [UNPRIV_GROUP=$with_unpriv_group]) AC_DEFINE_UNQUOTED([UNPRIV_GROUP], ["${UNPRIV_GROUP}"], [Unprivileged group]) ;; *kfreebsd*-gnu*) dnl This is for Debian GNU/kFreeBSD dnl clock_gettime is either part of libc or unavailable. dnl Check for clock_gettime. Some systems put it into -lc, while dnl others use -lrt. Try the first and fallback to the latter. RT_LIB= AC_CHECK_FUNC([clock_gettime], [:], [AC_CHECK_LIB([rt], [clock_gettime], [RT_LIB="-lrt"], [AC_MSG_ERROR([Your system lacks clock_gettime])])]) AC_SUBST(RT_LIB) dnl If the autoconf goo picks up a compiler that runs in pre-POSIX mode, dnl the fmemopen prototype is hidden causing the unit tests to segfault. dnl This can happen if gcc is a symlink to gcc46 and is preferred to clang. AC_CHECK_FUNC([fmemopen], , [AC_MSG_ERROR([Missing fmemopen, unit tests are likely to segfault. Try CC=clang.])]) AC_ARG_WITH([unpriv-group], [AS_HELP_STRING([--with-unpriv-group=], [Group to drop privs to @<:@default: nobody@:>@])]) AS_CASE([$with_unpriv_group], [""|yes|no], [UNPRIV_GROUP="nobody"], [*], [UNPRIV_GROUP=$with_unpriv_group]) AC_DEFINE_UNQUOTED([UNPRIV_GROUP], ["${UNPRIV_GROUP}"], [Unprivileged group]) ;; *-netbsd*) dnl This is for NetBSD dnl clock_gettime is either part of libc or unavailable. AC_CHECK_FUNC([clock_gettime], , [AC_MSG_ERROR([Your system lacks clock_gettime])]) if test "x${ac_cv_func_fmemopen}" != xyes; then if test "x${ac_cv_func_funopen}" != xyes; then AC_MSG_ERROR([We need fmemopen or funopen for unit tests.]) fi fi AC_ARG_WITH([unpriv-group], [AS_HELP_STRING([--with-unpriv-group=], [Group to drop privs to @<:@default: nobody@:>@])]) AS_CASE([$with_unpriv_group], [""|yes|no], [UNPRIV_GROUP="nobody"], [*], [UNPRIV_GROUP=$with_unpriv_group]) AC_DEFINE_UNQUOTED([UNPRIV_GROUP], ["${UNPRIV_GROUP}"], [Unprivileged group]) ;; *-openbsd*) dnl This is for OpenBSD dnl clock_gettime is either part of libc or unavailable. AC_CHECK_FUNC([clock_gettime], , [AC_MSG_ERROR([Your system lacks clock_gettime])]) dnl If the autoconf goo picks up a compiler that runs in pre-POSIX mode, dnl the fmemopen prototype is hidden causing the unit tests to segfault. dnl This can happen if gcc is a symlink to gcc46 and is preferred to clang. AC_CHECK_FUNC([fmemopen], , [AC_MSG_WARN([Missing fmemopen, unit tests are likely to segfault. Try CC=clang.])]) AC_ARG_WITH([unpriv-group], [AS_HELP_STRING([--with-unpriv-group=], [Group to drop privs to @<:@default: nobody@:>@])]) AS_CASE([$with_unpriv_group], [""|yes|no], [UNPRIV_GROUP="nobody"], [*], [UNPRIV_GROUP=$with_unpriv_group]) AC_DEFINE_UNQUOTED([UNPRIV_GROUP], ["${UNPRIV_GROUP}"], [Unprivileged group]) ;; *dragonfly*) dnl This is for DragonFly BSD dnl clock_gettime is either part of libc or unavailable. AC_CHECK_FUNC([clock_gettime], , [AC_MSG_ERROR([Your system lacks clock_gettime])]) dnl If the autoconf goo picks up a compiler that runs in pre-POSIX mode, dnl the fmemopen prototype is hidden causing the unit tests to segfault. dnl This can happen if gcc is a symlink to gcc46 and is preferred to clang. AC_CHECK_FUNC([fmemopen], , [AC_MSG_WARN([Missing fmemopen, unit tests are likely to segfault. Try CC=clang.])]) AC_ARG_WITH([unpriv-group], [AS_HELP_STRING([--with-unpriv-group=], [Group to drop privs to @<:@default: nobody@:>@])]) AS_CASE([$with_unpriv_group], [""|yes|no], [UNPRIV_GROUP="nobody"], [*], [UNPRIV_GROUP=$with_unpriv_group]) AC_DEFINE_UNQUOTED([UNPRIV_GROUP], ["${UNPRIV_GROUP}"], [Unprivileged group]) ;; *-bsd*) dnl This is a generic catch for BSD variants dnl This likely needs to be tuned to catch all dnl clock_gettime is either part of libc or unavailable. AC_CHECK_FUNC([clock_gettime], , [AC_MSG_ERROR([Your system lacks clock_gettime])]) dnl If the autoconf goo picks up a compiler that runs in pre-POSIX mode, dnl the fmemopen prototype is hidden causing the unit tests to segfault. dnl This can happen if gcc is a symlink to gcc46 and is preferred to clang. AC_CHECK_FUNC([fmemopen], , [AC_MSG_ERROR([Missing fmemopen, unit tests are likely to segfault. Try CC=clang.])]) AC_ARG_WITH([unpriv-group], [AS_HELP_STRING([--with-unpriv-group=], [Group to drop privs to @<:@default: nobody@:>@])]) AS_CASE([$with_unpriv_group], [""|yes|no], [UNPRIV_GROUP="nobody"], [*], [UNPRIV_GROUP=$with_unpriv_group]) AC_DEFINE_UNQUOTED([UNPRIV_GROUP], ["${UNPRIV_GROUP}"], [Unprivileged group]) ;; *-linux*) dnl This is for GNU/Linux dnl Check for clock_gettime. Some systems put it into -lc, while dnl others use -lrt. Try the first and fallback to the latter. RT_LIB= AC_CHECK_FUNC([clock_gettime], [:], [AC_CHECK_LIB([rt], [clock_gettime], [RT_LIB="-lrt"], [AC_MSG_ERROR([Your system lacks clock_gettime])])]) AC_SUBST(RT_LIB) AC_ARG_WITH([unpriv-group], [AS_HELP_STRING([--with-unpriv-group=], [Group to drop privs to @<:@default: nogroup@:>@])]) AS_CASE([$with_unpriv_group], [""|yes|no], [UNPRIV_GROUP="nogroup"], [*], [UNPRIV_GROUP=$with_unpriv_group]) AC_DEFINE_UNQUOTED([UNPRIV_GROUP], ["${UNPRIV_GROUP}"], [Unprivileged group]) case "$host" in *-linux-androideabi) dnl This is for Android NDK as it is a special case of linux AC_DEFINE(HAVE_ANDROID,1, [Defined if we are to build for an Android system]) AC_SUBST(HAVE_ANDROID, [1]) HAVE_ANDROID="yes" ;; esac ;; *-gnu0.*) dnl This is a generic catch for GNU/Hurd variants dnl Check for clock_gettime. Some systems put it into -lc, while dnl others use -lrt. Try the first and fallback to the latter. RT_LIB= AC_CHECK_FUNC([clock_gettime], [:], [AC_CHECK_LIB([rt], [clock_gettime], [RT_LIB="-lrt"], [AC_MSG_ERROR([Your system lacks clock_gettime])])]) AC_SUBST(RT_LIB) dnl If the autoconf goo picks up a compiler that runs in pre-POSIX mode, dnl the fmemopen prototype is hidden causing the unit tests to segfault. dnl This can happen if gcc is a symlink to gcc46 and is preferred to clang. AC_CHECK_FUNC([fmemopen], , [AC_MSG_ERROR([Missing fmemopen, unit tests are likely to segfault. Try CC=clang.])]) AC_ARG_WITH([unpriv-group], [AS_HELP_STRING([--with-unpriv-group=], [Group to drop privs to @<:@default: nobody@:>@])]) AS_CASE([$with_unpriv_group], [""|yes|no], [UNPRIV_GROUP="nogroup"], [*], [UNPRIV_GROUP=$with_unpriv_group]) AC_DEFINE_UNQUOTED([UNPRIV_GROUP], ["${UNPRIV_GROUP}"], [Unprivileged group]) ;; *-cygwin*) dnl This is for Cygwin dnl Check for clock_gettime. Some systems put it into -lc, while dnl others use -lrt. Try the first and fallback to the latter. RT_LIB= AC_CHECK_FUNC([clock_gettime], [:], [AC_CHECK_LIB([rt], [clock_gettime], [RT_LIB="-lrt"], [AC_MSG_ERROR([Your system lacks clock_gettime])])]) AC_SUBST(RT_LIB) AC_ARG_WITH([unpriv-group], [AS_HELP_STRING([--with-unpriv-group=], [Group to drop privs to @<:@default: nogroup@:>@])]) AS_CASE([$with_unpriv_group], [""|yes|no], [UNPRIV_GROUP="nogroup"], [*], [UNPRIV_GROUP=$with_unpriv_group]) AC_DEFINE_UNQUOTED([UNPRIV_GROUP], ["${UNPRIV_GROUP}"], [Unprivileged group]) ;; *-mingw32*) dnl This is for MINGW32_NT dnl Check for clock_gettime. Some systems put it into -lc, while dnl others use -lrt. Try the first and fallback to the latter. RT_LIB= AC_CHECK_FUNC([clock_gettime], [:], [AC_CHECK_LIB([rt], [clock_gettime], [RT_LIB="-lrt"], [AC_MSG_ERROR([Your system lacks clock_gettime])])]) AC_SUBST(RT_LIB) AC_ARG_WITH([unpriv-group], [AS_HELP_STRING([--with-unpriv-group=], [Group to drop privs to @<:@default: nogroup@:>@])]) AS_CASE([$with_unpriv_group], [""|yes|no], [UNPRIV_GROUP="nogroup"], [*], [UNPRIV_GROUP=$with_unpriv_group]) AC_DEFINE_UNQUOTED([UNPRIV_GROUP], ["${UNPRIV_GROUP}"], [Unprivileged group]) ;; *-beos*|*-haiku*) dnl This is for BeOS and Haiku; we probably only support Haiku with gcc4 dnl Check for clock_gettime. Some systems put it into -lc, while dnl others use -lrt. Try the first and fallback to the latter. dnl on Haiku we require the bsd library for strsep RT_LIB= AC_CHECK_FUNC([clock_gettime], [:], [AC_CHECK_LIB([rt], [clock_gettime], [RT_LIB="-lrt"], [AC_MSG_ERROR([Your system lacks clock_gettime])])]) AC_SUBST(RT_LIB) AC_ARG_WITH([unpriv-group], [AS_HELP_STRING([--with-unpriv-group=], [Group to drop privs to @<:@default: nogroup@:>@])]) AS_CASE([$with_unpriv_group], [""|yes|no], [UNPRIV_GROUP="nogroup"], [*], [UNPRIV_GROUP=$with_unpriv_group]) AC_DEFINE_UNQUOTED([UNPRIV_GROUP], ["${UNPRIV_GROUP}"], [Unprivileged group]) LDFLAGS="$LDFLAGS -lbsd" CC="/boot/develop/abi/x86/gcc4/tools/gcc-4.6.3-haiku-121101/bin/gcc" ;; esac dnl Android conditional AM_CONDITIONAL(HAVE_ANDROID, test "x${HAVE_ANDROID}" = "xyes") AC_MSG_CHECKING([user/group to drop privs to]) AC_ARG_WITH([unpriv-user], [AS_HELP_STRING([--with-unpriv-user=], [User to drop privs to @<:@default: nobody@:>@])]) AS_CASE([$with_unpriv_user], [""|yes|no], [UNPRIV_USER="nobody"], [*], [UNPRIV_USER=$with_unpriv_user]) AC_DEFINE_UNQUOTED([UNPRIV_USER], ["${UNPRIV_USER}"], [Unprivileged user]) AC_MSG_RESULT(${UNPRIV_USER}:${UNPRIV_GROUP}) AC_ARG_ENABLE([dbus], [AS_HELP_STRING([--disable-dbus], [Disable automatically dbus support])]) AS_IF([test "x$enable_dbus" = xyes], [ PKG_CHECK_MODULES([DBUS], [dbus-1], [ AC_DEFINE([HAVE_DBUS], [1], [Enable dbus support]) AC_MSG_CHECKING([user/group to use for dbus]) AC_ARG_WITH([dbus-user], [AS_HELP_STRING([--with-dbus-user=], [User to send dbus signals from @<:@default: nobody@:>@])]) AS_CASE([$with_dbus_user], [""|yes|no], [DBUS_USER="nobody"], [*], [DBUS_USER=$with_dbus_user]) AC_ARG_WITH([dbus-group], [AS_HELP_STRING([--with-dbus-group=], [Group to send dbus signals from @<:@default: nogroup@:>@])]) AS_CASE([$with_dbus_group], [""|yes|no], [DBUS_GROUP="nogroup"], [*], [DBUS_GROUP=$with_dbus_group]) AC_MSG_RESULT(${DBUS_USER}:${DBUS_GROUP}) AC_DEFINE_UNQUOTED([DBUS_USER], ["${DBUS_USER}"], [DBus user]) AC_DEFINE_UNQUOTED([DBUS_GROUP], ["${DBUS_GROUP}"], [DBus group]) ], [ AS_IF([test "x$enable_dbus" = xyes], [AC_MSG_ERROR([dbus requested but not found])]) ]) ]) AC_SUBST(DBUS_CFLAGS) AC_SUBST(DBUS_LIBS) dnl Debug and hardening flags all in one shot dnl Always do this at the end, otherwise you end up filtering system/other libraries AC_ARG_ENABLE([hardened-checks], [AS_HELP_STRING([--disable-hardened-checks], [Disable automatically enabling hardened toolchain options])]) AC_DEFUN([LOCAL_CHECK_FLAGS],[ AC_REQUIRE([AX_CHECK_LINK_FLAG]) AC_REQUIRE([AX_APPEND_COMPILE_FLAGS]) AC_LANG_PUSH([C]) AS_IF([test "x$enable_hardened_checks" != xno], [ AX_APPEND_COMPILE_FLAGS([-g -O1]) ], [ AC_MSG_WARN([using hardened flags is HIGHLY RECOMMENDED and disabling them is a BAD IDEA]) ]) AX_APPEND_COMPILE_FLAGS([-Wall -fno-strict-aliasing]) AS_IF([test "x$enable_hardened_checks" != xno], [ AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2 -fstack-protector-all]) AX_APPEND_COMPILE_FLAGS([-fwrapv -fPIE -Wstack-protector]) AX_APPEND_COMPILE_FLAGS([--param=ssp-buffer-size=1]) AX_CHECK_LINK_FLAG([-z relro -z now]) AX_CHECK_LINK_FLAG([-pie]) ]) AC_LANG_POP ]) LOCAL_CHECK_FLAGS AC_ARG_ENABLE([code-coverage-checks], [AS_HELP_STRING([--enable-code-coverage-checks], [Enable gcov/lcov compile time options])], [AX_APPEND_COMPILE_FLAGS([-ftest-coverage -fprofile-arcs])]) AC_CONFIG_FILES([Makefile]) AC_OUTPUT tlsdate-0.0.7/etc/000077500000000000000000000000001230412117200137225ustar00rootroot00000000000000tlsdate-0.0.7/etc/tlsdated.conf000066400000000000000000000013611230412117200163760ustar00rootroot00000000000000# tlsdated example config file # for boolean options, "yes" enables them, any other value disables them. # see tlsdated.conf(5) for details about the options base-path /var/cache/tlsdated dry-run no jitter 0 max-tries 10 min-steady-state-interval 86400 should-load-disk yes should-netlink yes should-save-disk yes should-sync-hwclock yes steady-state-interval 86400 subprocess-timeout 30 verbose yes wait-between-tries 10 # Host configuration. source host www.ptb.de port 443 proxy none end tlsdate-0.0.7/m4/000077500000000000000000000000001230412117200134675ustar00rootroot00000000000000tlsdate-0.0.7/m4/ax_append_compile_flags.m4000066400000000000000000000055111230412117200205560ustar00rootroot00000000000000# =========================================================================== # http://www.gnu.org/software/autoconf-archive/ax_append_compile_flags.html # =========================================================================== # # SYNOPSIS # # AX_APPEND_COMPILE_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS]) # # DESCRIPTION # # For every FLAG1, FLAG2 it is checked whether the compiler works with the # flag. If it does, the flag is added FLAGS-VARIABLE # # If FLAGS-VARIABLE is not specified, the current language's flags (e.g. # CFLAGS) is used. During the check the flag is always added to the # current language's flags. # # If EXTRA-FLAGS is defined, it is added to the current language's default # flags (e.g. CFLAGS) when the check is done. The check is thus made with # the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to # force the compiler to issue an error when a bad flag is given. # # NOTE: This macro depends on the AX_APPEND_FLAG and # AX_CHECK_COMPILE_FLAG. Please keep this macro in sync with # AX_APPEND_LINK_FLAGS. # # LICENSE # # Copyright (c) 2011 Maarten Bosmans # # This program is free software: you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation, either version 3 of the License, or (at your # option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General # Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure # scripts that are the output of Autoconf when processing the Macro. You # need not follow the terms of the GNU General Public License when using # or distributing such scripts, even though portions of the text of the # Macro appear in them. The GNU General Public License (GPL) does govern # all other use of the material that constitutes the Autoconf Macro. # # This special exception to the GPL applies to versions of the Autoconf # Macro released by the Autoconf Archive. When you make and distribute a # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. #serial 3 AC_DEFUN([AX_APPEND_COMPILE_FLAGS], [AC_REQUIRE([AX_CHECK_COMPILE_FLAG]) AC_REQUIRE([AX_APPEND_FLAG]) for flag in $1; do AX_CHECK_COMPILE_FLAG([$flag], [AX_APPEND_FLAG([$flag], [$2])], [], [$3]) done ])dnl AX_APPEND_COMPILE_FLAGS tlsdate-0.0.7/m4/ax_append_flag.m4000066400000000000000000000053041230412117200166630ustar00rootroot00000000000000# =========================================================================== # http://www.gnu.org/software/autoconf-archive/ax_append_flag.html # =========================================================================== # # SYNOPSIS # # AX_APPEND_FLAG(FLAG, [FLAGS-VARIABLE]) # # DESCRIPTION # # FLAG is appended to the FLAGS-VARIABLE shell variable, with a space # added in between. # # If FLAGS-VARIABLE is not specified, the current language's flags (e.g. # CFLAGS) is used. FLAGS-VARIABLE is not changed if it already contains # FLAG. If FLAGS-VARIABLE is unset in the shell, it is set to exactly # FLAG. # # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. # # LICENSE # # Copyright (c) 2008 Guido U. Draheim # Copyright (c) 2011 Maarten Bosmans # # This program is free software: you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation, either version 3 of the License, or (at your # option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General # Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure # scripts that are the output of Autoconf when processing the Macro. You # need not follow the terms of the GNU General Public License when using # or distributing such scripts, even though portions of the text of the # Macro appear in them. The GNU General Public License (GPL) does govern # all other use of the material that constitutes the Autoconf Macro. # # This special exception to the GPL applies to versions of the Autoconf # Macro released by the Autoconf Archive. When you make and distribute a # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. #serial 2 AC_DEFUN([AX_APPEND_FLAG], [AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])])dnl AS_VAR_SET_IF(FLAGS, [case " AS_VAR_GET(FLAGS) " in *" $1 "*) AC_RUN_LOG([: FLAGS already contains $1]) ;; *) AC_RUN_LOG([: FLAGS="$FLAGS $1"]) AS_VAR_SET(FLAGS, ["AS_VAR_GET(FLAGS) $1"]) ;; esac], [AS_VAR_SET(FLAGS,["$1"])]) AS_VAR_POPDEF([FLAGS])dnl ])dnl AX_APPEND_FLAG tlsdate-0.0.7/m4/ax_check_compile_flag.m4000066400000000000000000000062511230412117200202030ustar00rootroot00000000000000# =========================================================================== # http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html # =========================================================================== # # SYNOPSIS # # AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS]) # # DESCRIPTION # # Check whether the given FLAG works with the current language's compiler # or gives an error. (Warnings, however, are ignored) # # ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on # success/failure. # # If EXTRA-FLAGS is defined, it is added to the current language's default # flags (e.g. CFLAGS) when the check is done. The check is thus made with # the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to # force the compiler to issue an error when a bad flag is given. # # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this # macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG. # # LICENSE # # Copyright (c) 2008 Guido U. Draheim # Copyright (c) 2011 Maarten Bosmans # # This program is free software: you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation, either version 3 of the License, or (at your # option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General # Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure # scripts that are the output of Autoconf when processing the Macro. You # need not follow the terms of the GNU General Public License when using # or distributing such scripts, even though portions of the text of the # Macro appear in them. The GNU General Public License (GPL) does govern # all other use of the material that constitutes the Autoconf Macro. # # This special exception to the GPL applies to versions of the Autoconf # Macro released by the Autoconf Archive. When you make and distribute a # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. #serial 2 AC_DEFUN([AX_CHECK_COMPILE_FLAG], [AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [ ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1" AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], [AS_VAR_SET(CACHEVAR,[yes])], [AS_VAR_SET(CACHEVAR,[no])]) _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags]) AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes], [m4_default([$2], :)], [m4_default([$3], :)]) AS_VAR_POPDEF([CACHEVAR])dnl ])dnl AX_CHECK_COMPILE_FLAGS tlsdate-0.0.7/m4/ax_check_link_flag.m4000066400000000000000000000057601230412117200175140ustar00rootroot00000000000000# =========================================================================== # http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html # =========================================================================== # # SYNOPSIS # # AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS]) # # DESCRIPTION # # Check whether the given FLAG works with the linker or gives an error. # (Warnings, however, are ignored) # # ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on # success/failure. # # If EXTRA-FLAGS is defined, it is added to the linker's default flags # when the check is done. The check is thus made with the flags: "LDFLAGS # EXTRA-FLAGS FLAG". This can for example be used to force the linker to # issue an error when a bad flag is given. # # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this # macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG. # # LICENSE # # Copyright (c) 2008 Guido U. Draheim # Copyright (c) 2011 Maarten Bosmans # # This program is free software: you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation, either version 3 of the License, or (at your # option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General # Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program. If not, see . # # As a special exception, the respective Autoconf Macro's copyright owner # gives unlimited permission to copy, distribute and modify the configure # scripts that are the output of Autoconf when processing the Macro. You # need not follow the terms of the GNU General Public License when using # or distributing such scripts, even though portions of the text of the # Macro appear in them. The GNU General Public License (GPL) does govern # all other use of the material that constitutes the Autoconf Macro. # # This special exception to the GPL applies to versions of the Autoconf # Macro released by the Autoconf Archive. When you make and distribute a # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. #serial 2 AC_DEFUN([AX_CHECK_LINK_FLAG], [AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [ ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS $4 $1" AC_LINK_IFELSE([AC_LANG_PROGRAM()], [AS_VAR_SET(CACHEVAR,[yes])], [AS_VAR_SET(CACHEVAR,[no])]) LDFLAGS=$ax_check_save_flags]) AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes], [m4_default([$2], :)], [m4_default([$3], :)]) AS_VAR_POPDEF([CACHEVAR])dnl ])dnl AX_CHECK_LINK_FLAGS tlsdate-0.0.7/m4/ax_platform.m4000066400000000000000000000106601230412117200162500ustar00rootroot00000000000000# =========================================================================== # http:// # =========================================================================== # # SYNOPSIS # # AX_PLATFORM # # DESCRIPTION # # Provide target and host defines. # # LICENSE # # Copyright (c) 2012 Brian Aker # Copyleft (ↄ) 2013 Jacob Appelbaum # # Copying and distribution of this file, with or without modification, are # permitted in any medium without royalty provided the copyright notice # and this notice are preserved. This file is offered as-is, without any # warranty. #serial 1 AC_DEFUN([AX_PLATFORM], [AC_REQUIRE([AC_CANONICAL_HOST]) AC_REQUIRE([AC_CANONICAL_TARGET]) AC_DEFINE_UNQUOTED([HOST_VENDOR],["$host_vendor"],[Vendor of Build System]) AC_DEFINE_UNQUOTED([HOST_OS],["$host_os"], [OS of Build System]) AC_DEFINE_UNQUOTED([HOST_CPU],["$host_cpu"], [CPU of Build System]) AC_DEFINE_UNQUOTED([TARGET_VENDOR],["$target_vendor"],[Vendor of Target System]) AC_DEFINE_UNQUOTED([TARGET_OS],["$target_os"], [OS of Target System]) AC_DEFINE_UNQUOTED([TARGET_CPU],["$target_cpu"], [CPU of Target System]) AS_CASE([$target_os], [*mingw32*], [TARGET_OS_WINDOWS="true" AC_DEFINE([TARGET_OS_WINDOWS], [1], [Whether we are building for Windows]) AC_DEFINE([WINVER], [WindowsXP], [Version of Windows]) AC_DEFINE([_WIN32_WINNT], [0x0501], [Magical number to make things work]) AC_DEFINE([EAI_SYSTEM], [11], [Another magical number]) AH_BOTTOM([ #ifndef HAVE_SYS_SOCKET_H # define SHUT_RD SD_RECEIVE # define SHUT_WR SD_SEND # define SHUT_RDWR SD_BOTH #endif ])], [*mingw*], [TARGET_OS_MINGW="true" AC_DEFINE([TARGET_OS_MINGW],[1],[Whether we build for MinGW])], [*cygwin*], [TARGET_OS_CYGWIN="true" AC_DEFINE([TARGET_OS_CYGWIN],[1],[Whether we build for Cygwin])], [*haiku*], [TARGET_OS_HAIKU="true" AC_DEFINE([TARGET_OS_HAIKU],[1],[Whether we build for Haiku])], [*freebsd*], [TARGET_OS_FREEBSD="true" AC_DEFINE([TARGET_OS_FREEBSD],[1],[Whether we are building for FreeBSD])], [*kfreebsd*-gnu], [TARGET_OS_GNUKFREEBSD="true" TARGET_OS_FREEBSD="true" AC_DEFINE([TARGET_OS_FREEBSD],[1],[Whether we are building for FreeBSD]) AC_DEFINE([TARGET_OS_GNUKFREEBSD],[1],[Whether we are building for GNU/kFreeBSD])], [*netbsd*], [TARGET_OS_NETBSD="true" AC_DEFINE([TARGET_OS_NETBSD],[1],[Whether we are building for NetBSD])], [*openbsd*], [TARGET_OS_OPENBSD="true" AC_DEFINE([TARGET_OS_OPENBSD],[1],[Whether we are building for OpenBSD])], [*dragonfly*], [TARGET_OS_DRAGONFLYBSD="true" AC_DEFINE([TARGET_OS_DRAGONFLYBSD],[1],[Whether we are building for DragonFly BSD])], [*bsd*], [TARGET_OS_BSD="true" AC_DEFINE([TARGET_OS_BSD],[1],[Whether we are building for some other *BSD])], [*solaris*],[AC_DEFINE([TARGET_OS_SOLARIS],[1],[Whether we are building for Solaris])], [*darwin*], [TARGET_OS_OSX="true" AC_DEFINE([TARGET_OS_OSX],[1],[Whether we build for OSX])], [*linux*], [TARGET_OS_LINUX="true" AC_DEFINE([TARGET_OS_LINUX],[1],[Whether we build for Linux])], [*gnu*], [TARGET_OS_GNUHURD="true" AC_DEFINE([TARGET_OS_GNUHURD],[1],[Whether we build for GNU/Hurd])]) AM_CONDITIONAL([TARGET_WIN32],[test "x${TARGET_OS_WINDOWS}" = "xtrue"]) AM_CONDITIONAL([TARGET_MINGW],[test "x${TARGET_OS_MINGW}" = "xtrue"]) AM_CONDITIONAL([TARGET_CYGWIN],[test "x${TARGET_OS_CYGWIN}" = "xtrue"]) AM_CONDITIONAL([TARGET_HAIKU],[test "x${TARGET_OS_HAIKU}" = "xtrue"]) AM_CONDITIONAL([TARGET_OSX],[test "x${TARGET_OS_OSX}" = "xtrue"]) AM_CONDITIONAL([TARGET_GNUHURD],[test "x${TARGET_OS_GNUHURD}" = "xtrue"]) AM_CONDITIONAL([TARGET_LINUX],[test "x${TARGET_OS_LINUX}" = "xtrue"]) AM_CONDITIONAL([TARGET_FREEBSD],[test "x${TARGET_OS_FREEBSD}" = "xtrue"]) AM_CONDITIONAL([TARGET_GNUKFREEBSD],[test "x${TARGET_OS_GNUKFREEBSD}" = "xtrue"]) AM_CONDITIONAL([TARGET_NETBSD],[test "x${TARGET_OS_NETBSD}" = "xtrue"]) AM_CONDITIONAL([TARGET_OPENBSD],[test "x${TARGET_OS_OPENBSD}" = "xtrue"]) AM_CONDITIONAL([TARGET_DRAGONFLYBSD],[test "x${TARGET_OS_DRAGONFLYBSD}" = "xtrue"]) AM_CONDITIONAL([TARGET_BSD],[test "x${TARGET_OS_BSD}" = "xtrue"]) ]) tlsdate-0.0.7/m4/bottom.m4000066400000000000000000000004271230412117200152400ustar00rootroot00000000000000AC_DEFUN([CONFIG_EXTRA],[ AH_TOP([ #pragma once /* _SYS_FEATURE_TESTS_H is Solaris, _FEATURES_H is GCC */ #if defined( _SYS_FEATURE_TESTS_H) || defined(_FEATURES_H) #error "You should include config.h as your first include file" #endif ]) ]) tlsdate-0.0.7/m4/visibility.m4000066400000000000000000000064261230412117200161300ustar00rootroot00000000000000# visibility.m4 serial 4 (gettext-0.18.2) dnl Copyright (C) 2005, 2008, 2010-2011 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl From Bruno Haible. dnl Tests whether the compiler supports the command-line option dnl -fvisibility=hidden and the function and variable attributes dnl __attribute__((__visibility__("hidden"))) and dnl __attribute__((__visibility__("default"))). dnl Does *not* test for __visibility__("protected") - which has tricky dnl semantics (see the 'vismain' test in glibc) and does not exist e.g. on dnl MacOS X. dnl Does *not* test for __visibility__("internal") - which has processor dnl dependent semantics. dnl Does *not* test for #pragma GCC visibility push(hidden) - which is dnl "really only recommended for legacy code". dnl Set the variable CFLAG_VISIBILITY. dnl Defines and sets the variable HAVE_VISIBILITY. AC_DEFUN([gl_VISIBILITY], [ AC_REQUIRE([AC_PROG_CC]) CFLAG_VISIBILITY= HAVE_VISIBILITY=0 if test -n "$GCC"; then dnl First, check whether -Werror can be added to the command line, or dnl whether it leads to an error because of some other option that the dnl user has put into $CC $CFLAGS $CPPFLAGS. AC_MSG_CHECKING([whether the -Werror option is usable]) AC_CACHE_VAL([gl_cv_cc_vis_werror], [ gl_save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -Werror" AC_COMPILE_IFELSE( [AC_LANG_PROGRAM([[]], [[]])], [gl_cv_cc_vis_werror=yes], [gl_cv_cc_vis_werror=no]) CFLAGS="$gl_save_CFLAGS"]) AC_MSG_RESULT([$gl_cv_cc_vis_werror]) dnl Now check whether visibility declarations are supported. AC_MSG_CHECKING([for simple visibility declarations]) AC_CACHE_VAL([gl_cv_cc_visibility], [ gl_save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fvisibility=hidden" dnl We use the option -Werror and a function dummyfunc, because on some dnl platforms (Cygwin 1.7) the use of -fvisibility triggers a warning dnl "visibility attribute not supported in this configuration; ignored" dnl at the first function definition in every compilation unit, and we dnl don't want to use the option in this case. if test $gl_cv_cc_vis_werror = yes; then CFLAGS="$CFLAGS -Werror" fi AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [[extern __attribute__((__visibility__("hidden"))) int hiddenvar; extern __attribute__((__visibility__("default"))) int exportedvar; extern __attribute__((__visibility__("hidden"))) int hiddenfunc (void); extern __attribute__((__visibility__("default"))) int exportedfunc (void); void dummyfunc (void) {} ]], [[]])], [gl_cv_cc_visibility=yes], [gl_cv_cc_visibility=no]) CFLAGS="$gl_save_CFLAGS"]) AC_MSG_RESULT([$gl_cv_cc_visibility]) if test $gl_cv_cc_visibility = yes; then CFLAG_VISIBILITY="-fvisibility=hidden" HAVE_VISIBILITY=1 fi fi AC_SUBST([CFLAG_VISIBILITY]) AC_SUBST([HAVE_VISIBILITY]) AC_DEFINE_UNQUOTED([HAVE_VISIBILITY], [$HAVE_VISIBILITY], [Define to 1 or 0, depending whether the compiler supports simple visibility declarations.]) ]) tlsdate-0.0.7/man/000077500000000000000000000000001230412117200137225ustar00rootroot00000000000000tlsdate-0.0.7/man/tlsdate-dbus-announce.1000066400000000000000000000012471230412117200202070ustar00rootroot00000000000000.\" Process this file with .\" groff -man -Tascii foo.1 .\" .TH TLSDATE-DBUS-ANNOUNCE 1 "JANUARY 2013" Linux "User Manuals" .SH NAME tlsdate-dbus-announce \- secure parasitic rdate replacement dbus announcer .SH SYNOPSIS .B tlsdate-dbus-announce .SH DESCRIPTION .B tlsdate-dbus-announce is a tool for use with tlsdated. It is automatically launched by tlsdated to announce that the system time has changed. .SH BUGS It's likely! Let us know by contacting jacob@appelbaum.net Note that .B tlsdate(1) is still in Alpha, and may not work as expected. .SH AUTHOR Jacob Appelbaum .SH "SEE ALSO" .B tlsdated(1), .B tlsdate-helper(1) .B tlsdate-routeup(1) tlsdate-0.0.7/man/tlsdate-helper.1000066400000000000000000000026461230412117200167310ustar00rootroot00000000000000.\" Process this file with .\" groff -man -Tascii foo.1 .\" .TH TLSDATE 1 "OCTOBER 2012" Linux "User Manuals" .SH NAME tlsdate-helper \- secure parasitic rdate replacement .SH SYNOPSIS .B tlsdate-helper host port protocol ca_racket verbose certdir setclock \ showtime timewarp leapaway proxy-type://proxyhost:proxyport httpmode .SH DESCRIPTION .B tlsdate-helper is a tool for setting the system clock by hand or by communication with the network. It does not set the Real Time Clock. It is designed to be as secure as TLS (RFC 2246) but of course the security of TLS is often reduced to whichever CA racket you believe is trustworthy. By default, tlsdate-helper trusts your local CA root store - so any of these companies could assist in a MITM attack against you and you'd be screwed. The proxy argument expects HTTP, SOCKS4A or SOCKS5 formatted as followed: http://127.0.0.1:8118 socks4a://127.0.0.1:9050 socks5://127.0.0.1:9050 This tool is designed to be run by hand or as a system daemon. It must be run as root or otherwise have the proper caps; it will not be able to set the system time without running as root or another privileged user. .SH BUGS It's likely! Let us know by contacting jacob@appelbaum.net Note that .B tlsdate(1) is still in Alpha, and may not work as expected. .SH AUTHOR Jacob Appelbaum .SH "SEE ALSO" .B tlsdate(1), .B tlsdated(1) .B tlsdate-routeup(1) .B tlsdate-dbus-announce(1) tlsdate-0.0.7/man/tlsdate-routeup.1000066400000000000000000000013341230412117200171460ustar00rootroot00000000000000.\" Process this file with .\" groff -man -Tascii foo.1 .\" .TH TLSDATE 1 "OCTOBER 2012" Linux "User Manuals" .SH NAME tlsdate-routeup \- secure parasitic rdate replacement route change utility .SH SYNOPSIS .B tlsdate-routeup .SH DESCRIPTION .B tlsdate-routeup is a tool for noticing network route status changes. It binds to AF_NETLINK and prints 'n' followed by a CRLF for each route change. This tool is designed to be run by tlsdated. .SH BUGS It's likely! Let us know by contacting jacob@appelbaum.net Note that .B tlsdate(1) is still in Alpha, and may not work as expected. .SH AUTHOR Jacob Appelbaum .SH "SEE ALSO" .B tlsdate(1), .B tlsdated(1) .B tlsdate-helper(1) .B tlsdate-dbus-announce(1) tlsdate-0.0.7/man/tlsdate.1000066400000000000000000000105211230412117200154430ustar00rootroot00000000000000.\" Process this file with .\" groff -man -Tascii foo.1 .\" .TH TLSDATE 1 "OCTOBER 2012" Linux "User Manuals" .SH NAME tlsdate \- secure parasitic rdate replacement .SH SYNOPSIS .B tlsdate [\-hnvVstlw] [\-H [hostname]] [\-p [port]] [\-P [sslv23|sslv3|tlsv1]] \ [\-\-certdir [dirname]] [\-x [\-\-proxy] proxy\-type://proxyhost:proxyport] .SH DESCRIPTION .B tlsdate is a tool for setting the system clock by hand or by communication with the network. It does not set the Real Time Clock. It is designed to be as secure as TLS (RFC 2246) but of course the security of TLS is often reduced to whichever CA racket you believe is trustworthy. By default, tlsdate trusts your local CA root store - so any of these companies could assist in a MITM attack against you and you'd be screwed. This tool is designed to be run by hand or as a system daemon. It must be run as root or otherwise have the proper caps; it will not be able to set the system time without running as root or another privileged user. .SH OPTIONS .IP "\-h | \-\-help" Print the help message .IP "\-s | \-\-skip\-verification" Skip certificate verification .IP "\-H | \-\-host [hostname|ip]" Set remote hostname (default: 'www.ptb.de') .IP "\-n | \-\-dont\-set\-clock" Do not set the system clock to the time of the remote server .IP "\-p | \-\-port [port]" Set remote port (default: '443') .IP "\-P | \-\-protocol [sslv23|sslv3|tlsv1]" Set protocol to use when communicating with server (default: 'tlsv1') .IP "\-C | \-\-certdir [dirname]" Set the local directory where certificates are located (default: '/etc/ssl/certs') This allows for certificate or certificate authority (CA) pinning. To ensure that signatures are only valid if they are signed by a specific CA or certificate, set the path to a directory containing only the desired certificates. .IP "\-x | \-\-proxy [proxy\-type://proxyhost:proxyport]" The proxy argument expects HTTP, SOCKS4A or SOCKS5 formatted as followed: http://127.0.0.1:8118 socks4a://127.0.0.1:9050 socks5://127.0.0.1:9050 The proxy support should not leak DNS requests and is suitable for use with Tor. .IP "\-v | \-\-verbose" Provide verbose output .IP "\-V | \-\-showtime [human|raw]" Show the time retrieved from the remote server in a human-readable format or as a raw time_t. .IP "\-t | \-\-timewarp" If the local clock is before RECENT_COMPILE_DATE; we set the clock to the RECENT_COMPILE_DATE. If the local clock is after RECENT_COMPILE_DATE, we leave the clock alone. Clock setting is performed as the first operation and will impact certificate verification. Specifically, this option is helpful if on first boot, the local system clock is set back to the era of Disco and Terrible Hair. This should ensure that X509_V_ERR_CERT_NOT_YET_VALID or X509_V_ERR_CERT_HAS_EXPIRED are not encountered because of a broken RTC or the lack of a local RTC; we assume that tlsdate is recompiled yearly and that all certificates are otherwise considered valid. .IP "\-l | \-\-leap" Normally, the passing of time or time yet to come ensures that SSL verify functions will fail to validate certificates. Commonly, X509_V_ERR_CERT_NOT_YET_VALID and X509_V_ERR_CERT_HAS_EXPIRED are painfully annoying but still very important error states. When the only issue with the certificates in question is the timing information, this option allows you to trust the remote system's time, as long as it is after RECENT_COMPILE_DATE and before MAX_REASONABLE_TIME. The connection will only be trusted if X509_V_ERR_CERT_NOT_YET_VALID and/or X509_V_OKX509_V_ERR_CERT_HAS_EXPIRED are the only errors encountered. The SSL verify function will not return X509_V_OK if there are any other issues, such as self-signed certificates or if the user pins to a CA that is not used by the remote server. This is useful if your RTC is broken on boot and you are unable to use DNSEC until you've at least had some kind of leap of cryptographically assured data. .IP "\-w | \-\-http" Run in web mode: look for the time in an HTTP "Date" header inside an HTTPS connection, rather than in the TLS connection itself. The provided hostname and port must support HTTPS. .SH BUGS It's likely! Let us know by contacting jacob@appelbaum.net Note that .B tlsdate(1) is still in Alpha, and may not work as expected. .SH AUTHOR Jacob Appelbaum .SH "SEE ALSO" .B tlsdated(1), .B tlsdate-helper(1) .B tlsdate-routeup(1) .B tlsdate-dbus-announce(1) tlsdate-0.0.7/man/tlsdated.8000066400000000000000000000032571230412117200156260ustar00rootroot00000000000000.\" Process this file with .\" groff -man -Tascii foo.1 .\" .TH TLSDATED 1 "OCTOBER 2012" Linux "User Manuals" .SH NAME tlsdated \- secure parasitic rdate replacement daemon .SH SYNOPSIS .B tlsdated [\-wprlsvh] \ [\-t ] \ [\-d ] \ [\-T ] \ [\-D ] \ [\-c /path/to ] \ [\-a seconds ] \ [\-\-] \ [commands to be passed to tlsdate] .SH DESCRIPTION .B tlsdated is a daemon that runs tlsdate. It must be run as root or otherwise have the proper caps; it will not be able to set the system time without running as root or another privileged user. .SH OPTIONS .IP "\-w" don't set hwclock .IP "\-p" dry run (don't really set time) .IP "\-r" use stdin instead of netlink for routes .IP "\-t [n]" try [n] times when a new route appears .IP "\-d [n]" delay n seconds between tries .IP "\-T [n]" give subprocess n chances to exit .IP "\-D [n]" delay n seconds between wait attempts .IP "\-c [/path/to/cache/directory/]" set the cache directory .IP "\-a [n]" run at most every n seconds in steady state .IP "\-l" don't load disk timestamps .IP "\-s" don't save disk timestamp .IP "\-j [n]" add up to n seconds of jitter to steady-state fetches .IP "\-v" be verbose .IP "\-h" print help message .IP "\-f [/path/to/config/file]" use alternate config file .IP "\-x [proxy]" override the proxy supplied to sources in the config file .IP "[tlsdate command arguments]" arguments to be passed to tlsdate at launch time .SH BUGS It's likely! Let us know by contacting jacob@appelbaum.net Note that .B tlsdate(1) is still in Alpha, and may not work as expected. .SH AUTHOR Jacob Appelbaum .SH "SEE ALSO" .B tlsdate(1), .B tlsdate-helper(1) .B tlsdate-routeup(1) .B tlsdate-dbus-announce(1) tlsdate-0.0.7/man/tlsdated.conf.5000066400000000000000000000050061230412117200165410ustar00rootroot00000000000000.\" Process this file with .\" groff -man -Tascii foo.1 .\" .TH TLSDATED 5 "JANUARY 2013" "File Formats and Conversions" .SH NAME tlsdated.conf \- tlsdated config file .SH SYNTAX \fBtlsdated.conf\fR is the configuration file for the \fBtlsdated(1)\fR daemon. The config file is formatted as a list of key-value pairs, one per line, separated by whitespace. Whitespace inside values is preserved, so .RS foo bar baz quxx .RE represents the key \fBfoo\fR mapping to the value \fBbar baz quxx\fR. Empty lines and lines beginning with \fB#\fR are ignored; leading whitespace on lines is stripped. For boolean options, the value \fByes\fR or no value at all indicates that the option should be switched on, and all other values indicate that the option should be switched off. \fINote that trailing whitespace is preserved in values.\fR .SH OPTIONS .IP "base-path [string]" Sets the path to tlsdated's cache directory. .IP "dry-run [bool]" If enabled, don't actually adjust the system time. .IP "jitter [int]" Add or subtract up to this many seconds from the steady-state interval when checking. This helps prevent correlation between sequential checks and smooth load on time hosts. .IP "max-tries [int]" How many times to try running the tlsdate subprocess. .IP "min-steady-state-interval [int]" Do not check more than once this many seconds when in steady state. .IP "should-load-disk [bool]" If enabled, try loading the current timestamp out of the cache directory. .IP "should-netlink [bool]" If enabled, use a netlink socket to get network events; otherwise, read network events from stdin. .IP "should-save-disk [bool]" If enabled, save the current timestamp to the cache directory every so often and at exit. .IP "should-sync-hwclock [bool]" If enabled, set the hwclock to the fetched time. .IP "steady-state-interval [int]" Check at least once this many seconds when in steady state. .IP "subprocess-timeout [int]" How many seconds to wait for the subprocess to exit. .IP "verbose [bool]" If enabled, tlsdated will be annoyingly verbose in syslog and on stdout. .IP "wait-between-tries [int]" How long to wait between runs of the subprocess. .SH SOURCES You can list one or more sources to fetch time from. The format of these is: .RS 4 source .RS 4 host www.example.com .br port 443 .br proxy socks5://127.0.0.1:9050 .RE end .RE .SH BUGS It's likely! Let us know by contacting jacob@appelbaum.net Note that .B tlsdated(1) is still in Alpha, and may not work as expected. .SH AUTHOR Jacob Appelbaum .SH "SEE ALSO" .B tlsdated(1), tlsdate-0.0.7/mkfile000066400000000000000000000005611230412117200143430ustar00rootroot00000000000000"$1"/run-output \ 2>"$1"/run-err [ -x "$1"/teardown ] && "$1"/teardown } test_passed() { diff "$t"/output "$t"/run-output >/dev/null } total=0 passed=0 for t in tests/*; do [ ! -d "$t" ] && continue name="$(basename "$t")" echo -n "$name: " run_test "$t" if test_passed "$t"; then echo "ok" passed=$((passed + 1)) else echo "failed" fi total=$((total + 1)) done echo "Passed: $passed/$total" [ $passed != $total ] exit $? tlsdate-0.0.7/src/000077500000000000000000000000001230412117200137365ustar00rootroot00000000000000tlsdate-0.0.7/src/common/000077500000000000000000000000001230412117200152265ustar00rootroot00000000000000tlsdate-0.0.7/src/common/android.c000066400000000000000000000004341230412117200170130ustar00rootroot00000000000000#include "android.h" #include char *strchrnul(const char *s, int c) { char * matched_char = strchr(s, c); if (matched_char == NULL) { matched_char = (char*) s + strlen(s); } return matched_char; } int MIN(int a, int b) { return a < b ? a : b; } tlsdate-0.0.7/src/common/android.h000066400000000000000000000010771230412117200170240ustar00rootroot00000000000000/* * Android's libc lacks fmemopen, so here is our implementation. */ #include /** * fmemopen expects this function * defined in android.c */ int MIN(int a, int b); /* * Android's libc does not provide strchrnul, so here * is our own implementation. strchrnul behaves like * strchr except instead of returning NULL if c is not * in s, strchrnul returns a pointer to the \0 byte at * the end of s. * defined in android.c */ char *strchrnul(const char *s, int c); /* defined in fmemopen.c */ FILE *fmemopen(void *buf, size_t size, const char *mode); tlsdate-0.0.7/src/common/fmemopen-funopen.c000066400000000000000000000074371230412117200206630ustar00rootroot00000000000000/* * POSIX 2008 fmemopen(3) implemented in terms of BSD funopen(3) */ /* * Copyright (c) 2013 Taylor R. Campbell * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #define _BSD_SOURCE #define _NETBSD_SOURCE #include #include #include #include #include "fmemopen.h" struct fmem_cookie { void *fmc_buffer; size_t fmc_index; size_t fmc_limit; }; static int fmem_read(void *cookie, char *buffer, int n) { struct fmem_cookie *const fmc = cookie; if (n < 0) { /* paranoia */ errno = EINVAL; return -1; } if (n > (fmc->fmc_limit - fmc->fmc_index)) n = (fmc->fmc_limit - fmc->fmc_index); (void)memcpy(buffer, (char *)fmc->fmc_buffer + fmc->fmc_index, n); fmc->fmc_index += n; return n; } static int fmem_write(void *cookie, const char *buffer, int n) { struct fmem_cookie *const fmc = cookie; if (n < 0) { /* paranoia */ errno = EINVAL; return -1; } if (n > (fmc->fmc_limit - fmc->fmc_index)) n = (fmc->fmc_limit - fmc->fmc_index); (void)memcpy((char *)fmc->fmc_buffer + fmc->fmc_index, buffer, n); fmc->fmc_index += n; return n; } static fpos_t fmem_seek(void *cookie, fpos_t offset, int cmd) { struct fmem_cookie *const fmc = cookie; switch (cmd) { case SEEK_SET: if ((offset < 0) || (fmc->fmc_limit < offset)) goto einval; fmc->fmc_index = offset; return 0; case SEEK_CUR: if (offset < 0) { /* Assume two's-complement arithmetic. */ if ((offset == ~(fpos_t)0) || (-offset > fmc->fmc_index)) goto einval; } else { if (offset > (fmc->fmc_limit - fmc->fmc_index)) goto einval; } fmc->fmc_index += offset; return 0; case SEEK_END: /* Assume two's-complement arithmetic. */ if ((offset >= 0) || (offset == ~(fpos_t)0) || (fmc->fmc_limit < -offset)) goto einval; fmc->fmc_index = (fmc->fmc_limit + offset); return 0; default: goto einval; } einval: errno = EINVAL; return -1; } static int fmem_close(void *cookie) { struct fmem_cookie *const fmc = cookie; free(fmc); return 0; } FILE * fmemopen(void *buffer, size_t len, const char *mode) { struct fmem_cookie *fmc; FILE *file; fmc = malloc(sizeof(*fmc)); if (fmc == NULL) goto fail0; (void)memset(fmc, 0, sizeof(*fmc)); fmc->fmc_buffer = buffer; fmc->fmc_index = 0; fmc->fmc_limit = len; file = funopen(fmc, &fmem_read, &fmem_write, &fmem_seek, &fmem_close); if (file == NULL) goto fail1; return file; fail1: free(fmc); fail0: return NULL; } tlsdate-0.0.7/src/common/fmemopen.c000066400000000000000000000123171230412117200172040ustar00rootroot00000000000000/* This file was retrieved from http://gitweb.dragonflybsd.org/dragonfly.git/blob_plain/HEAD:/lib/libc/stdio/fmemopen.c on 26/04/2013 by Abel Luck for inclusion in tlsdate for the Android port. */ #include "android.h" /* $NetBSD: fmemopen.c,v 1.4 2010/09/27 16:50:13 tnozaki Exp $ */ /*- * Copyright (c)2007, 2010 Takehiko NOZAKI, * Copyright (c) 2012, Venkatesh Srinivas * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include #include #include #include #include #include #include //#include "local.h" //#include "priv_stdio.h" struct fmemopen_cookie { char *head, *tail, *cur, *eob; }; static int fmemopen_read(void *cookie, char *buf, int nbytes) { struct fmemopen_cookie *p; char *s; int len; assert(cookie != NULL); assert(buf != NULL && nbytes > 0); p = cookie; s = p->cur; len = MIN(p->tail - p->cur, nbytes); bcopy(p->cur, buf, len); p->cur += len; return (int)(p->cur - s); } static int fmemopen_write(void *cookie, const char *buf, int nbytes) { struct fmemopen_cookie *p; char *s; int len; assert(cookie != NULL); assert(buf != NULL && nbytes > 0); p = cookie; if (p->cur >= p->tail) return 0; s = p->cur; len = MIN(p->tail - p->cur, nbytes); bcopy(buf, p->cur, len); p->cur += len - 1; if (p->cur == p->tail - 1) { *p->cur = '\0'; if (buf[len - 1] == '\0') p->cur++; } else { *++p->cur = '\0'; } if (p->cur > p->eob) p->eob = p->cur; return (int)(p->cur - s); } static fpos_t fmemopen_seek(void *cookie, fpos_t offset, int whence) { struct fmemopen_cookie *p; assert(cookie != NULL); p = (struct fmemopen_cookie *)cookie; switch (whence) { case SEEK_SET: break; case SEEK_CUR: offset += p->cur - p->head; break; case SEEK_END: offset += p->eob - p->head; break; default: errno = EINVAL; goto error; } if (offset >= (fpos_t)0 && offset <= p->tail - p->head) { p->cur = p->head + (ptrdiff_t)offset; return (fpos_t)(p->cur - p->head); } error: return (fpos_t)-1; } static int fmemopen_close0(void *cookie) { assert(cookie != NULL); free(cookie); return 0; } static int fmemopen_close1(void *cookie) { struct fmemopen_cookie *p; assert(cookie != NULL); p = cookie; free(p->head); free(p); return 0; } FILE * fmemopen(void * __restrict buf, size_t size, const char * __restrict mode) { int flags, oflags; FILE *fp; struct fmemopen_cookie *cookie; if (size < (size_t)1) goto invalid; flags = __sflags(mode, &oflags); if (flags == 0) return NULL; if ((oflags & O_RDWR) == 0 && buf == NULL) goto invalid; fp = __sfp(); if (fp == NULL) return NULL; cookie = malloc(sizeof(*cookie)); if (cookie == NULL) goto release; if (buf == NULL) { cookie->head = malloc(size); if (cookie->head == NULL) { free(cookie); goto release; } *cookie->head = '\0'; fp->_close = &fmemopen_close1; } else { cookie->head = (char *)buf; if (oflags & O_TRUNC) *cookie->head = '\0'; fp->_close = &fmemopen_close0; } cookie->tail = cookie->head + size; cookie->eob = cookie->head; do { if (*cookie->eob == '\0') break; ++cookie->eob; } while (--size > 0); cookie->cur = (oflags & O_APPEND) ? cookie->eob : cookie->head; // fp->pub._flags = flags; fp->_write = (flags & __SRD) ? NULL : &fmemopen_write; fp->_read = (flags & __SWR) ? NULL : &fmemopen_read; fp->_seek = &fmemopen_seek; fp->_cookie = (void *)cookie; return fp; invalid: errno = EINVAL; return NULL; release: //fp->pub._flags = 0; return NULL; } tlsdate-0.0.7/src/common/fmemopen.h000066400000000000000000000002331230412117200172030ustar00rootroot00000000000000#ifndef TLSDATE_FMEMOPEN_H #define TLSDATE_FMEMOPEN_H #include FILE *fmemopen(void *, size_t, const char *); #endif /* TLSDATE_FMEMOPEN_H */ tlsdate-0.0.7/src/common/strnlen.c000066400000000000000000000003551230412117200170620ustar00rootroot00000000000000/* * Trivial strnlen(3) implementation */ #include #include "strnlen.h" size_t strnlen(const char *s, size_t limit) { size_t len; for (len = 0; len < limit; len++) if (*s++ == '\0') break; return len; } tlsdate-0.0.7/src/common/strnlen.h000066400000000000000000000002211230412117200170570ustar00rootroot00000000000000#ifndef TLSDATE_STRNLEN_H #define TLSDATE_STRNLEN_H #include size_t strnlen(const char *, size_t); #endif /* TLSDATE_STRNLEN_H */ tlsdate-0.0.7/src/compat/000077500000000000000000000000001230412117200152215ustar00rootroot00000000000000tlsdate-0.0.7/src/compat/clock-darwin.c000066400000000000000000000044621230412117200177500ustar00rootroot00000000000000/* Copyright (c) 2012, David Goulet * Jacob Appelbaum * Copyright (c) 2012, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** * \file clock-darwin.c * \brief Contains clock primitives for Mac OS X (Tested on 10.8.2) **/ #include "config.h" #include "clock.h" #include #include #include #ifdef __APPLE__ #include #include #include #include #include #include #include #include #endif #include /** * Get current real time value and store it into time. * * @param time where the current time is stored * @return clock_gettime syscall return value */ int clock_get_real_time(struct tlsdate_time *time) { /* Safety net */ assert(time); kern_return_t r; clock_serv_t cclock; mach_timespec_t mts; r = host_get_clock_service(mach_host_self(), CALENDAR_CLOCK, &cclock); if (r != KERN_SUCCESS) { fprintf(stderr, "host_get_clock_service failed!\n"); return -1; } r = clock_get_time(cclock, &mts); if (r != KERN_SUCCESS) { fprintf(stderr, "clock_get_time failed!\n"); return -1; } r = mach_port_deallocate(mach_task_self(), cclock); if (r != KERN_SUCCESS) { fprintf(stderr, "mach_port_deallocate failed!\n"); return -1; } time->tp.tv_sec = mts.tv_sec; time->tp.tv_nsec = mts.tv_nsec; return r; } /** * Set current real time clock using time. * * @param time where the current time to set is stored * @return clock_settime syscall return value */ int clock_set_real_time(const struct tlsdate_time *time) { /* Safety net */ assert(time); //printf ("V: server time %u\n", (unsigned int) time->tp.tv_sec); int r; struct timeval tv = {time->tp.tv_sec, 0}; r = settimeofday(&tv, NULL); if (r != 0) { fprintf(stderr, "setimeofday failed!\n"); return -1; } return r; } /** * Init a tlsdate_time structure. * * @param sec is the seconds * @param nsec is the nanoseconds */ void clock_init_time(struct tlsdate_time *time, time_t sec, long nsec) { /* Safety net */ assert(time); time->tp.tv_sec = sec; time->tp.tv_nsec = nsec; } tlsdate-0.0.7/src/compat/clock-hurd.c000066400000000000000000000023471230412117200174260ustar00rootroot00000000000000/* Copyright (c) 2012, David Goulet * Jacob Appelbaum * Copyright (c) 2012, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** * \file clock-linux.c * \brief Contains clock primitives for GNU/Linux OS **/ #include "config.h" #include #include "src/compat/clock.h" /** * Get current real time value and store it into time. * * @param time where the current time is stored * @return clock_gettime syscall return value */ int clock_get_real_time(struct tlsdate_time *time) { /* Safety net */ assert(time); return clock_gettime(CLOCK_REALTIME, &time->tp); } /** * Set current real time clock using time. * * @param time where the current time to set is stored * @return clock_settime syscall return value */ int clock_set_real_time(const struct tlsdate_time *time) { /* Safety net */ assert(time); return clock_settime(CLOCK_REALTIME, &time->tp); } /** * Init a tlsdate_time structure. * * @param sec is the seconds * @param nsec is the nanoseconds */ void clock_init_time(struct tlsdate_time *time, time_t sec, long nsec) { /* Safety net */ assert(time); time->tp.tv_sec = sec; time->tp.tv_nsec = nsec; } tlsdate-0.0.7/src/compat/clock-linux.c000066400000000000000000000023471230412117200176230ustar00rootroot00000000000000/* Copyright (c) 2012, David Goulet * Jacob Appelbaum * Copyright (c) 2012, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** * \file clock-linux.c * \brief Contains clock primitives for GNU/Linux OS **/ #include "config.h" #include #include "src/compat/clock.h" /** * Get current real time value and store it into time. * * @param time where the current time is stored * @return clock_gettime syscall return value */ int clock_get_real_time(struct tlsdate_time *time) { /* Safety net */ assert(time); return clock_gettime(CLOCK_REALTIME, &time->tp); } /** * Set current real time clock using time. * * @param time where the current time to set is stored * @return clock_settime syscall return value */ int clock_set_real_time(const struct tlsdate_time *time) { /* Safety net */ assert(time); return clock_settime(CLOCK_REALTIME, &time->tp); } /** * Init a tlsdate_time structure. * * @param sec is the seconds * @param nsec is the nanoseconds */ void clock_init_time(struct tlsdate_time *time, time_t sec, long nsec) { /* Safety net */ assert(time); time->tp.tv_sec = sec; time->tp.tv_nsec = nsec; } tlsdate-0.0.7/src/compat/clock.h000066400000000000000000000033051230412117200164660ustar00rootroot00000000000000/* Copyright (c) 2012, David Goulet * Jacob Appelbaum * Copyright (c) 2012, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** * \file clock.h * \brief Header file for the clock primitives. **/ #pragma once #ifndef CLOCK_HEADER_GUARD #define CLOCK_HEADER_GUARD 1 #include #ifdef HAVE_TIME_H #include #endif #ifdef TARGET_OS_OPENBSD #include #endif #ifdef HAVE_MACH_CLOCK_H #include #endif #ifdef HAVE_MACH_MACH_H #include #endif struct tlsdate_time { #if defined(__linux__) || defined(__FreeBSD__) || defined (__NetBSD__) || defined (__OpenBSD__) || defined (__DragonFly__) struct timespec tp; #elif defined(__APPLE__) mach_timespec_t tp; #elif _WIN32 void *tp; #elif TARGET_OS_HAIKU struct timespec tp; #elif TARGET_OS_CYGWIN struct timespec tp; #elif TARGET_OS_MINGW struct timespec tp; #elif TARGET_OS_GNUHURD struct timespec tp; #else struct timespec tp; #endif }; TLSDATE_API int clock_get_real_time(struct tlsdate_time *time); TLSDATE_API int clock_set_real_time(const struct tlsdate_time *time); TLSDATE_API void clock_init_time(struct tlsdate_time *time, time_t sec, long nsec); /* Helper macros to access time values */ #define CLOCK_SEC(time) ((time)->tp.tv_sec) #define CLOCK_MSEC(time) ((time)->tp.tv_nsec / 1000000) #define CLOCK_USEC(time) ((time)->tp.tv_nsec / 1000) #define CLOCK_NSEC(time) ((time)->tp.tv_nsec) /* Helper macros to access time values. TODO: Complete them */ /* #define CLOCK_SEC(time) #define CLOCK_MSEC(time) #define CLOCK_USEC(time) #define CLOCK_NSEC(time) */ #endif // CLOCK_HEADER_GUARD tlsdate-0.0.7/src/compat/include.am000066400000000000000000000025121230412117200171630ustar00rootroot00000000000000# vim:ft=automake noinst_LTLIBRARIES+= src/compat/libtlsdate_compat.la noinst_HEADERS+= src/compat/clock.h src_compat_libtlsdate_compat_la_SOURCES = src_compat_libtlsdate_compat_la_CFLAGS = -DBUILDING_TLSDATE src_compat_libtlsdate_compat_la_LIBADD = if TARGET_OSX src_compat_libtlsdate_compat_la_SOURCES+= src/compat/clock-darwin.c endif if TARGET_LINUX src_compat_libtlsdate_compat_la_SOURCES+= src/compat/clock-linux.c endif if TARGET_FREEBSD src_compat_libtlsdate_compat_la_SOURCES+= src/compat/clock-linux.c endif if TARGET_NETBSD src_compat_libtlsdate_compat_la_SOURCES+= src/compat/clock-linux.c endif if TARGET_OPENBSD src_compat_libtlsdate_compat_la_SOURCES+= src/compat/clock-linux.c endif if TARGET_DRAGONFLYBSD src_compat_libtlsdate_compat_la_SOURCES+= src/compat/clock-linux.c endif if TARGET_BSD if !TARGET_NETBSD if !TARGET_FREEBSD src_compat_libtlsdate_compat_la_SOURCES+= src/compat/clock-linux.c endif endif endif if TARGET_GNUHURD src_compat_libtlsdate_compat_la_SOURCES+= src/compat/clock-hurd.c endif if TARGET_CYGWIN src_compat_libtlsdate_compat_la_SOURCES+= src/compat/clock-linux.c endif if TARGET_MINGW src_compat_libtlsdate_compat_la_SOURCES+= src/compat/clock-linux.c endif if TARGET_HAIKU src_compat_libtlsdate_compat_la_SOURCES+= src/compat/clock-linux.c endif src_compat_libtlsdate_compat_la_LIBADD+= @RT_LIB@ tlsdate-0.0.7/src/conf-unittest.c000066400000000000000000000042001230412117200167000ustar00rootroot00000000000000/* * conf-unittest.c - config parser unit tests * Copyright (c) 2012 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #include "config.h" #include #include #include #include #include "src/conf.h" #include "src/test_harness.h" #ifdef HAVE_ANDROID_SYSTEM #include "src/common/fmemopen.h" #endif #ifndef HAVE_FMEMOPEN #include "src/common/fmemopen.h" #endif FILE *fopenstr(const char *str) { /* strlen(str) instead of strlen(str) + 1 because files shouldn't appear * null-terminated. Cast away constness because we're in read mode, but the * fmemopen prototype has no way to express that. */ return fmemopen((char *)str, strlen(str), "r"); } TEST(parse_empty) { /* can't do a truly empty file - fmemopen() combusts */ FILE *f = fopenstr("\n"); ASSERT_NE(NULL, f); struct conf_entry *e = conf_parse(f); EXPECT_NULL(e); conf_free(e); } TEST(parse_basic) { FILE *f = fopenstr("foo bar\nbaz quxx\n"); ASSERT_NE(NULL, f); struct conf_entry *e = conf_parse(f); ASSERT_NE(NULL, e); EXPECT_STREQ(e->key, "foo"); EXPECT_STREQ(e->value, "bar"); ASSERT_NE(NULL, e->next); EXPECT_STREQ(e->next->key, "baz"); EXPECT_STREQ(e->next->value, "quxx"); ASSERT_NULL(e->next->next); conf_free(e); } TEST(parse_novalue) { FILE *f = fopenstr("abcdef\n"); ASSERT_NE(NULL, f); struct conf_entry *e = conf_parse(f); ASSERT_NE(NULL, e); EXPECT_STREQ(e->key, "abcdef"); EXPECT_NULL(e->value); EXPECT_NULL(e->next); conf_free(e); } TEST(parse_whitespace) { FILE *f = fopenstr(" fribble grotz \n"); ASSERT_NE(NULL, f); struct conf_entry *e = conf_parse(f); ASSERT_NE(NULL, e); EXPECT_STREQ(e->key, "fribble"); EXPECT_STREQ(e->value, "grotz "); EXPECT_NULL(e->next); conf_free(e); } TEST(parse_comment) { FILE *f = fopenstr("#foo bar\nbaz quxx\n"); ASSERT_NE(NULL, f); struct conf_entry *e = conf_parse(f); ASSERT_NE(NULL, e); EXPECT_STREQ(e->key, "baz"); EXPECT_STREQ(e->value, "quxx"); EXPECT_NULL(e->next); conf_free(e); } TEST_HARNESS_MAIN tlsdate-0.0.7/src/conf.c000066400000000000000000000043241230412117200150320ustar00rootroot00000000000000/* conf.c - config file parser */ #ifndef _GNU_SOURCE #define _GNU_SOURCE /* strchrnul */ #endif #include "config.h" #include #include #include #include #include "src/conf.h" #ifdef TARGET_OS_NETBSD #include "src/common/android.h" // XXX: Dirty hack - make this more generic later #endif #ifdef TARGET_OS_OPENBSD #include "src/common/android.h" // XXX: Dirty hack - make this more generic later #endif #ifdef TARGET_OS_DRAGONFLYBSD #include "src/common/android.h" // XXX: Dirty hack - make this more generic later #endif #ifdef TARGET_OS_HAIKU #include "src/common/android.h" // XXX: Dirty hack - make this more generic later #endif #ifdef TARGET_OS_FREEBSD #ifndef HAVE_STRCHRNUL #include "src/common/android.h" // XXX: Dirty hack - make this more generic later #endif #endif #ifdef HAVE_ANDROID #include "src/common/android.h" #endif void strip_newlines(char *line) { *strchrnul(line, '\n') = '\0'; *strchrnul(line, '\r') = '\0'; } char *eat_whitespace(char *line) { while (isspace((int)(unsigned char)*line)) line++; return line; } int is_ignored_line(char *line) { return !*line || *line == '#'; } struct conf_entry *conf_parse(FILE *f) { struct conf_entry *head = NULL; struct conf_entry *tail = NULL; char buf[CONF_MAX_LINE]; while (fgets(buf, sizeof(buf), f)) { struct conf_entry *e; char *start = buf; char *key; char *val; strip_newlines(start); start = eat_whitespace(start); if (is_ignored_line(start)) continue; key = strtok(start, " \t"); val = strtok(NULL, ""); if (val) val = eat_whitespace(val); e = (struct conf_entry *) malloc(sizeof *e); if (!e) goto fail; e->next = NULL; e->key = strdup(key); e->value = val ? strdup(val) : NULL; if (!e->key || (val && !e->value)) { free(e->key); free(e->value); free(e); goto fail; } if (!head) { head = e; tail = e; } else { tail->next = e; tail = e; } } return head; fail: conf_free(head); return NULL; } void conf_free(struct conf_entry *e) { struct conf_entry *n; while (e) { n = e->next; free(e->key); free(e->value); free(e); e = n; } } tlsdate-0.0.7/src/conf.h000066400000000000000000000004431230412117200150350ustar00rootroot00000000000000/* conf.h - config file parser */ #ifndef CONF_H #define CONF_H #include #define CONF_MAX_LINE 16384 struct conf_entry { struct conf_entry *next; char *key; char *value; }; struct conf_entry *conf_parse(FILE *f); void conf_free(struct conf_entry *e); #endif /* !CONF_H */ tlsdate-0.0.7/src/event-unittest.c000066400000000000000000000016401230412117200171010ustar00rootroot00000000000000#include "src/event.h" #include "src/test_harness.h" #include TEST(every) { struct event *e = event_every(3); time_t then = time(NULL); time_t now; EXPECT_EQ(1, event_wait(e)); now = time(NULL); EXPECT_GT(now, then + 2); event_free(e); } TEST(fdread) { int fds[2]; struct event *e; char z = '0'; ASSERT_EQ(0, pipe(fds)); e = event_fdread(fds[0]); EXPECT_EQ(1, write(fds[1], &z, 1)); EXPECT_EQ(1, event_wait(e)); event_free(e); } TEST(composite) { struct event *e0 = event_every(2); struct event *e1 = event_every(3); struct event *ec = event_composite(); time_t then = time(NULL); time_t now; ASSERT_EQ(0, event_composite_add(ec, e0)); ASSERT_EQ(0, event_composite_add(ec, e1)); EXPECT_EQ(1, event_wait(ec)); EXPECT_EQ(1, event_wait(ec)); EXPECT_EQ(1, event_wait(ec)); now = time(NULL); EXPECT_EQ(now, then + 4); event_free(ec); event_free(e1); event_free(e0); } TEST_HARNESS_MAIN tlsdate-0.0.7/src/event.c000066400000000000000000000125531230412117200152310ustar00rootroot00000000000000#include #include #include #include #include #include #include #include #include "routeup.h" struct event { const char *name; int (*fd)(struct event *); int (*wait)(struct event *); void (*free)(struct event *); }; struct event_fd { struct event event; int fd; pid_t pid; }; struct event_composite { struct event event; struct event **children; size_t nchildren; }; static int _subproc_fd(struct event *e) { struct event_fd *efd = (struct event_fd *)e; return efd->fd; } static int _subproc_wait(struct event *e) { struct event_fd *efd = (struct event_fd *)e; char buf; if (read(_subproc_fd(e), &buf, 1) == 1) return 1; /* fd is broken...? */ close(efd->fd); efd->fd = -1; return -1; } static const char kZero = '0'; static void _subproc_signal(int fd) { ssize_t _unused = write(fd, &kZero, 1); (void)_unused; } static void _subproc_free(struct event *e) { struct event_fd *efd = (struct event_fd *)e; if (efd->pid > 0) { kill(efd->pid, SIGKILL); waitpid(efd->pid, NULL, 0); } close(efd->fd); free(efd); } static struct event *_event_subproc(void (*func)(void *, int), void *arg) { struct event_fd *ev = malloc(sizeof *ev); int fds[2]; if (!ev) return NULL; ev->event.fd = _subproc_fd; ev->event.wait = _subproc_wait; ev->event.free = _subproc_free; if (pipe(fds)) { free(ev); return NULL; } ev->pid = fork(); if (ev->pid < 0) { close(fds[0]); close(fds[1]); free(ev); return NULL; } else if (ev->pid == 0) { close(fds[0]); func(arg, fds[1]); exit(0); } close(fds[1]); ev->fd = fds[0]; return &ev->event; } static void _routeup(void *arg, int fd) { struct routeup *rtup = arg; while (!routeup_once(rtup, 0)) _subproc_signal(fd); } struct event *event_routeup() { struct routeup *rtup = malloc(sizeof *rtup); struct event *e; if (!rtup) return NULL; if (!routeup_setup(rtup)) { free(rtup); return NULL; } e = _event_subproc(_routeup, (void*)rtup); /* free it in the parent only */ routeup_teardown(rtup); if (e) e->name = "routeup"; return e; } static void _every(void *arg, int fd) { int delay = *(int*)arg; while (1) { sleep(delay); _subproc_signal(fd); } } struct event *event_every(int seconds) { struct event *e = _event_subproc(_every, (void *)&seconds); e->name = "every"; return e; } static void _suspend(void *arg, int fd) { while (1) { static const int kInterval = 60; static const int kThreshold = 3; time_t then = time(NULL); time_t now; sleep(kInterval); now = time(NULL); if (abs(now - then - kInterval) > kThreshold) _subproc_signal(fd); } } struct event *event_suspend() { struct event *e = _event_subproc(_suspend, NULL); e->name = "suspend"; return e; } struct event *event_fdread(int fd) { struct event_fd *efd = malloc(sizeof *efd); efd->event.name = "fdread"; efd->event.fd = _subproc_fd; efd->event.wait = _subproc_wait; efd->event.free = _subproc_free; efd->fd = fd; return &efd->event; } int event_wait(struct event *e) { assert(e->wait); return e->wait(e); } void event_free(struct event *e) { assert(e->free); return e->free(e); } static int _composite_fd(struct event *e) { return -1; } static int _composite_wait(struct event *e) { struct event_composite *ec = (struct event_composite *)e; fd_set fds; size_t i; int n; int maxfd = -1; FD_ZERO(&fds); for (i = 0; i < ec->nchildren; i++) { struct event *child = ec->children[i]; int fd = child->fd(child); if (fd != -1) FD_SET(child->fd(child), &fds); if (fd > maxfd) maxfd = fd; } n = select(maxfd + 1, &fds, NULL, NULL, NULL); if (n < 0) return -1; for (i = 0; i < ec->nchildren; i++) { struct event *child = ec->children[i]; int fd = child->fd(child); if (FD_ISSET(fd, &fds)) { /* won't block, but clears the event */ int r = child->wait(child); if (r) /* either error or success, but not 'no event' */ return r; } } return 0; } static void _composite_free(struct event *e) { struct event_composite *ec = (struct event_composite *)e; free(ec->children); free(ec); } struct event *event_composite(void) { struct event_composite *ec = malloc(sizeof *ec); if (!ec) return NULL; ec->event.name = "composite"; ec->event.fd = _composite_fd; ec->event.wait = _composite_wait; ec->event.free = _composite_free; ec->children = NULL; ec->nchildren = 0; return &ec->event; } int event_composite_add(struct event *comp, struct event *e) { struct event_composite *ec = (struct event_composite *)comp; size_t i; size_t nsz; struct event **nch; for (i = 0; i < ec->nchildren; i++) { if (ec->children[i]) continue; ec->children[i] = e; return 0; } nsz = ec->nchildren + 1; nch = realloc(ec->children, nsz * sizeof(struct event *)); if (!nch) return 1; ec->nchildren = nsz; ec->children = nch; ec->children[nsz - 1] = e; return 0; } int event_composite_del(struct event *comp, struct event *e) { struct event_composite *ec = (struct event_composite *)comp; size_t i; for (i = 0; i < ec->nchildren; i++) { if (ec->children[i] != e) continue; ec->children[i] = NULL; return 0; } return 1; } tlsdate-0.0.7/src/event.h000066400000000000000000000010361230412117200152300ustar00rootroot00000000000000/* event.h - event sources */ #ifndef EVENT_H #define EVENT_H struct event; extern struct event *event_fdread(int fd); extern struct event *event_routeup(void); extern struct event *event_suspend(void); extern struct event *event_every(int seconds); extern struct event *event_composite(void); extern int event_composite_add(struct event *comp, struct event *e); extern int event_composite_del(struct event *comp, struct event *e); extern int event_wait(struct event *e); extern void event_free(struct event *e); #endif /* !EVENT_H */ tlsdate-0.0.7/src/include.am000066400000000000000000000271411230412117200157050ustar00rootroot00000000000000# vim:ft=automake src_tlsdate_SOURCES= src_tlsdate_LDADD= src_tlsdate_helper_CFLAGS= src_tlsdate_helper_SOURCES= src_tlsdate_helper_LDADD= include src/compat/include.am # Our main program if TARGET_LINUX bin_PROGRAMS+= src/tlsdate-routeup bin_PROGRAMS+= src/tlsdate bin_PROGRAMS+= src/tlsdate-helper bin_PROGRAMS+= src/tlsdate-dbus-announce sbin_PROGRAMS+= src/tlsdated src_conf_unittest_SOURCES = src/conf.c src_conf_unittest_SOURCES+= src/conf-unittest.c if HAVE_ANDROID src_conf_unittest_SOURCES+= src/common/android.c src/common/fmemopen.c endif check_PROGRAMS+= src/conf_unittest noinst_PROGRAMS+= src/conf_unittest endif if TARGET_FREEBSD bin_PROGRAMS+= src/tlsdate bin_PROGRAMS+= src/tlsdate-helper src_conf_unittest_SOURCES = src/conf.c src_conf_unittest_SOURCES+= src/conf-unittest.c if !HAVE_STRCHRNUL src_conf_unittest_SOURCES+= src/common/android.c endif check_PROGRAMS+= src/conf_unittest noinst_PROGRAMS+= src/conf_unittest endif if TARGET_NETBSD bin_PROGRAMS+= src/tlsdate bin_PROGRAMS+= src/tlsdate-helper src_conf_unittest_SOURCES = src/conf.c src_conf_unittest_SOURCES+= src/conf-unittest.c src_conf_unittest_SOURCES+= src/common/android.c # XXX This conditional should apply for any system where we're building # conf_unittest, but I don't know how to tell that to automake. if !HAVE_FMEMOPEN if HAVE_FUNOPEN src_conf_unittest_SOURCES+= src/common/fmemopen-funopen.c endif endif check_PROGRAMS+= src/conf_unittest noinst_PROGRAMS+= src/conf_unittest endif if TARGET_OPENBSD bin_PROGRAMS+= src/tlsdate bin_PROGRAMS+= src/tlsdate-helper src_conf_unittest_SOURCES = src/conf.c src_conf_unittest_SOURCES+= src/conf-unittest.c src_conf_unittest_SOURCES+= src/common/android.c src_conf_unittest_SOURCES+= src/common/fmemopen.c check_PROGRAMS+= src/conf_unittest noinst_PROGRAMS+= src/conf_unittest endif if TARGET_DRAGONFLYBSD bin_PROGRAMS+= src/tlsdate bin_PROGRAMS+= src/tlsdate-helper src_conf_unittest_SOURCES = src/conf.c src_conf_unittest_SOURCES+= src/conf-unittest.c src_conf_unittest_SOURCES+= src/common/android.c check_PROGRAMS+= src/conf_unittest noinst_PROGRAMS+= src/conf_unittest endif if TARGET_BSD if !TARGET_FREEBSD if !TARGET_NETBSD bin_PROGRAMS+= src/tlsdate bin_PROGRAMS+= src/tlsdate-helper src_conf_unittest_SOURCES = src/conf.c src_conf_unittest_SOURCES+= src/conf-unittest.c check_PROGRAMS+= src/conf_unittest noinst_PROGRAMS+= src/conf_unittest endif endif endif if TARGET_GNUHURD bin_PROGRAMS+= src/tlsdate bin_PROGRAMS+= src/tlsdate-helper src_conf_unittest_SOURCES = src/conf.c src_conf_unittest_SOURCES+= src/conf-unittest.c src_conf_unittest_SOURCES+= src/common/android.c check_PROGRAMS+= src/conf_unittest noinst_PROGRAMS+= src/conf_unittest endif if TARGET_CYGWIN bin_PROGRAMS+= src/tlsdate bin_PROGRAMS+= src/tlsdate-helper src_conf_unittest_SOURCES = src/conf.c src_conf_unittest_SOURCES+= src/conf-unittest.c src_conf_unittest_SOURCES+= src/common/android.c check_PROGRAMS+= src/conf_unittest noinst_PROGRAMS+= src/conf_unittest endif if TARGET_MINGW bin_PROGRAMS+= src/tlsdate bin_PROGRAMS+= src/tlsdate-helper src_conf_unittest_SOURCES = src/conf.c src_conf_unittest_SOURCES+= src/conf-unittest.c src_conf_unittest_SOURCES+= src/common/android.c check_PROGRAMS+= src/conf_unittest noinst_PROGRAMS+= src/conf_unittest endif if TARGET_HAIKU bin_PROGRAMS+= src/tlsdate bin_PROGRAMS+= src/tlsdate-helper src_conf_unittest_SOURCES = src/conf.c src_conf_unittest_SOURCES+= src/conf-unittest.c src_conf_unittest_SOURCES+= src/common/android.c check_PROGRAMS+= src/conf_unittest noinst_PROGRAMS+= src/conf_unittest endif if TARGET_OSX bin_PROGRAMS+= src/tlsdate bin_PROGRAMS+= src/tlsdate-helper endif # This doesn't work on Mac OS X or FreeBSD if TARGET_LINUX src_tlsdate_routeup_CFLAGS = -DROUTEUP_MAIN src_tlsdate_routeup_SOURCES = src/routeup.c src_tlsdate_routeup_SOURCES+= src/util.c endif src_tlsdate_SOURCES+= src/tlsdate.c src_tlsdate_CFLAGS = -DBUILDING_TLSDATE src_tlsdate_helper_CFLAGS+= @SSL_CFLAGS@ src_tlsdate_helper_LDADD+= @SSL_LIBS@ src_tlsdate_helper_LDADD+= src/compat/libtlsdate_compat.la src_tlsdate_helper_SOURCES+= src/tlsdate-helper.c if POLARSSL src_tlsdate_helper_SOURCES+= src/proxy-polarssl.c else # OpenSSL is our default if we're not using PolarSSL src_tlsdate_helper_SOURCES+= src/proxy-bio.c endif src_tlsdate_helper_SOURCES+= src/util.c if !HAVE_STRNLEN src_tlsdate_helper_SOURCES+= src/common/strnlen.c endif # This doesn't work on Mac OS X if TARGET_LINUX src_tlsdated_CFLAGS = -DTLSDATED_MAIN @SSL_CFLAGS@ src_tlsdated_LDADD = @SSL_LIBS@ src_tlsdated_SOURCES = if HAVE_ANDROID src_tlsdated_SOURCES+= src/common/android.c endif src_tlsdated_SOURCES+= src/conf.c src_tlsdated_SOURCES+= src/event.c src_tlsdated_SOURCES+= src/routeup.c src_tlsdated_SOURCES+= src/tlsdated.c src_tlsdated_SOURCES+= src/util.c src_tlsdate_dbus_announce_CFLAGS = @DBUS_CFLAGS@ src_tlsdate_dbus_announce_LDADD = @DBUS_LIBS@ src_tlsdate_dbus_announce_SOURCES = src/tlsdate-dbus-announce.c src_tlsdated_unittest_LDADD = @SSL_LIBS@ src_tlsdated_unittest_SOURCES = src/event.c src_tlsdated_unittest_SOURCES+= src/routeup.c src_tlsdated_unittest_SOURCES+= src/tlsdated-unittest.c src_tlsdated_unittest_SOURCES+= src/util.c src_tlsdated_unittest_SOURCES+= src/tlsdated.c check_PROGRAMS+= src/tlsdated_unittest noinst_PROGRAMS+= src/tlsdated_unittest endif # This doesn't work on Mac OS X if TARGET_LINUX if !POLARSSL src_proxy_bio_unittest_LDADD = @SSL_LIBS@ src_proxy_bio_unittest_SOURCES = src/proxy-bio.c src_proxy_bio_unittest_SOURCES+= src/proxy-bio-unittest.c src_proxy_bio_unittest_SOURCES+= src/test-bio.c src_proxy_bio_unittest_SOURCES+= src/util.c check_PROGRAMS+= src/proxy-bio_unittest noinst_PROGRAMS+= src/proxy-bio_unittest endif endif if TARGET_FREEBSD if !POLARSSL src_proxy_bio_unittest_LDADD = @SSL_LIBS@ src_proxy_bio_unittest_SOURCES = src/proxy-bio.c src_proxy_bio_unittest_SOURCES+= src/proxy-bio-unittest.c src_proxy_bio_unittest_SOURCES+= src/test-bio.c src_proxy_bio_unittest_SOURCES+= src/util.c if !HAVE_STRCHRNUL src_proxy_bio_unittest_SOURCES+= src/common/android.c endif check_PROGRAMS+= src/proxy-bio_unittest noinst_PROGRAMS+= src/proxy-bio_unittest endif endif if TARGET_NETBSD if !POLARSSL src_proxy_bio_unittest_LDADD = @SSL_LIBS@ src_proxy_bio_unittest_SOURCES = src/proxy-bio.c src_proxy_bio_unittest_SOURCES+= src/proxy-bio-unittest.c src_proxy_bio_unittest_SOURCES+= src/test-bio.c src_proxy_bio_unittest_SOURCES+= src/util.c src_proxy_bio_unittest_SOURCES+= src/common/android.c # XXX This conditional should apply for any system where we're building # proxy_bio_unittest, but I don't know how to tell that to automake. if !HAVE_STRNLEN src_proxy_bio_unittest_SOURCES+= src/common/strnlen.c endif check_PROGRAMS+= src/proxy-bio_unittest noinst_PROGRAMS+= src/proxy-bio_unittest endif endif if TARGET_OPENBSD if !POLARSSL src_proxy_bio_unittest_LDADD = @SSL_LIBS@ src_proxy_bio_unittest_SOURCES = src/proxy-bio.c src_proxy_bio_unittest_SOURCES+= src/proxy-bio-unittest.c src_proxy_bio_unittest_SOURCES+= src/test-bio.c src_proxy_bio_unittest_SOURCES+= src/util.c src_proxy_bio_unittest_SOURCES+= src/common/android.c src_proxy_bio_unittest_SOURCES+= src/common/fmemopen.c check_PROGRAMS+= src/proxy-bio_unittest noinst_PROGRAMS+= src/proxy-bio_unittest endif endif if TARGET_DRAGONFLYBSD if !POLARSSL src_proxy_bio_unittest_LDADD = @SSL_LIBS@ src_proxy_bio_unittest_SOURCES = src/proxy-bio.c src_proxy_bio_unittest_SOURCES+= src/proxy-bio-unittest.c src_proxy_bio_unittest_SOURCES+= src/test-bio.c src_proxy_bio_unittest_SOURCES+= src/util.c src_proxy_bio_unittest_SOURCES+= src/common/android.c check_PROGRAMS+= src/proxy-bio_unittest noinst_PROGRAMS+= src/proxy-bio_unittest endif endif if TARGET_BSD if !POLARSSL if !TARGET_FREEBSD if !TARGET_NETBSD src_proxy_bio_unittest_LDADD = @SSL_LIBS@ src_proxy_bio_unittest_SOURCES = src/proxy-bio.c src_proxy_bio_unittest_SOURCES+= src/proxy-bio-unittest.c src_proxy_bio_unittest_SOURCES+= src/test-bio.c src_proxy_bio_unittest_SOURCES+= src/util.c check_PROGRAMS+= src/proxy-bio_unittest noinst_PROGRAMS+= src/proxy-bio_unittest endif endif endif endif if TARGET_GNUHURD if !POLARSSL src_proxy_bio_unittest_LDADD = @SSL_LIBS@ src_proxy_bio_unittest_SOURCES = src/proxy-bio.c src_proxy_bio_unittest_SOURCES+= src/proxy-bio-unittest.c src_proxy_bio_unittest_SOURCES+= src/test-bio.c src_proxy_bio_unittest_SOURCES+= src/util.c src_proxy_bio_unittest_SOURCES+= src/common/android.c check_PROGRAMS+= src/proxy-bio_unittest noinst_PROGRAMS+= src/proxy-bio_unittest endif endif if TARGET_CYGWIN if !POLARSSL src_proxy_bio_unittest_LDADD = @SSL_LIBS@ src_proxy_bio_unittest_SOURCES = src/proxy-bio.c src_proxy_bio_unittest_SOURCES+= src/proxy-bio-unittest.c src_proxy_bio_unittest_SOURCES+= src/test-bio.c src_proxy_bio_unittest_SOURCES+= src/util.c src_proxy_bio_unittest_SOURCES+= src/common/android.c check_PROGRAMS+= src/proxy-bio_unittest noinst_PROGRAMS+= src/proxy-bio_unittest endif endif if TARGET_MINGW if !POLARSSL src_proxy_bio_unittest_LDADD = @SSL_LIBS@ src_proxy_bio_unittest_SOURCES = src/proxy-bio.c src_proxy_bio_unittest_SOURCES+= src/proxy-bio-unittest.c src_proxy_bio_unittest_SOURCES+= src/test-bio.c src_proxy_bio_unittest_SOURCES+= src/util.c src_proxy_bio_unittest_SOURCES+= src/common/android.c check_PROGRAMS+= src/proxy-bio_unittest noinst_PROGRAMS+= src/proxy-bio_unittest endif endif if TARGET_HAIKU if !POLARSSL src_proxy_bio_unittest_LDADD = @SSL_LIBS@ src_proxy_bio_unittest_SOURCES = src/proxy-bio.c src_proxy_bio_unittest_SOURCES+= src/proxy-bio-unittest.c src_proxy_bio_unittest_SOURCES+= src/test-bio.c src_proxy_bio_unittest_SOURCES+= src/util.c src_proxy_bio_unittest_SOURCES+= src/common/android.c check_PROGRAMS+= src/proxy-bio_unittest noinst_PROGRAMS+= src/proxy-bio_unittest endif endif # We're not shipping headers noinst_HEADERS+= src/routeup.h noinst_HEADERS+= src/test_harness.h noinst_HEADERS+= src/tlsdate-helper.h noinst_HEADERS+= src/tlsdate.h noinst_HEADERS+= src/util.h noinst_HEADERS+= src/visibility.h noinst_HEADERS+= src/proxy-bio.h noinst_HEADERS+= src/proxy-polarssl.h noinst_HEADERS+= src/test-bio.h noinst_HEADERS+= src/conf.h if HAVE_ANDROID noinst_HEADERS+= src/common/android.h endif # This is our explicit target list # We do not attempt to build with PolarSSL if !POLARSSL if !TARGET_LINUX if !TARGET_OSX if !TARGET_OPENBSD if !TARGET_NETBSD if !TARGET_FREEBSD if !TARGET_DRAGONFLYBSD if !TARGET_HAIKU if !TARGET_GNUHURD if !TARGET_CYGWIN if !TARGET_MINGW if !TARGET_BSD bin_PROGRAMS+= src/tlsdate bin_PROGRAMS+= src/tlsdate-helper src_conf_unittest_SOURCES = src/conf.c src_conf_unittest_SOURCES+= src/conf-unittest.c src_conf_unittest_SOURCES+= src/common/android.c check_PROGRAMS+= src/conf_unittest noinst_PROGRAMS+= src/conf_unittest endif endif endif endif endif endif endif endif endif endif endif endif if !POLARSSL if !TARGET_LINUX if !TARGET_OSX if !TARGET_OPENBSD if !TARGET_NETBSD if !TARGET_FREEBSD if !TARGET_DRAGONFLYBSD if !TARGET_HAIKU if !TARGET_GNUHURD if !TARGET_CYGWIN if !TARGET_MINGW if !TARGET_BSD src_proxy_bio_unittest_LDADD = @SSL_LIBS@ src_proxy_bio_unittest_SOURCES = src/proxy-bio.c src_proxy_bio_unittest_SOURCES+= src/proxy-bio-unittest.c src_proxy_bio_unittest_SOURCES+= src/test-bio.c src_proxy_bio_unittest_SOURCES+= src/util.c src_proxy_bio_unittest_SOURCES+= src/common/android.c check_PROGRAMS+= src/proxy-bio_unittest noinst_PROGRAMS+= src/proxy-bio_unittest endif endif endif endif endif endif endif endif endif endif endif endif src_event_unittest_SOURCES = src/event.c src_event_unittest_SOURCES+= src/event-unittest.c src_event_unittest_SOURCES+= src/routeup.c src_event_unittest_SOURCES+= src/util.c check_PROGRAMS+= src/event_unittest if !TARGET_OSX check_PROGRAMS+= src/test/proxy-override src/test/return-argc \ src/test/rotate src/test/sleep-wrap endif tlsdate-0.0.7/src/proxy-bio-plan9.c000066400000000000000000000223711230412117200170600ustar00rootroot00000000000000/* * proxy-bio.c - BIO layer for SOCKS4a/5 proxy connections * * Copyright (c) 2012 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * * This file implements a SOCKS4a/SOCKS5 "filter" BIO. In SSL terminology, a BIO * is a stackable IO filter, kind of like sysv streams. These filters are * inserted into a stream to cause it to run SOCKS over whatever transport is * being used. Most commonly, this would be: * SSL BIO (filter) -> SOCKS BIO (filter) -> connect BIO (source/sink) * This configuration represents doing an SSL connection through a SOCKS proxy, * which is itself connected to in plaintext. You might also do: * SSL BIO -> SOCKS BIO -> SSL BIO -> connect BIO * This is an SSL connection through a SOCKS proxy which is itself reached over * SSL. */ #include #include #ifndef __USE_MISC #define __USE_MISC #endif #ifndef __USE_POSIX #define __USE_POSIX #endif #ifndef NI_MAXHOST #define NI_MAXHOST 1025 #endif #ifndef UINT8_MAX #define UINT8_MAX (255) #endif #include #include #include "src/proxy-bio-plan9.h" int socks4a_connect(BIO *b); int socks5_connect(BIO *b); int http_connect(BIO *b); int proxy_new(BIO *b) { struct proxy_ctx *ctx = (struct proxy_ctx *) malloc(sizeof *ctx); if (!ctx) return 0; ctx->connected = 0; ctx->connect = NULL; ctx->host = NULL; ctx->port = 0; b->init = 1; b->flags = 0; b->ptr = ctx; return 1; } int proxy_free(BIO *b) { struct proxy_ctx *c; if (!b || !b->ptr) return 1; c = (struct proxy_ctx *) b->ptr; if (c->host) free(c->host); c->host = NULL; b->ptr = NULL; free(c); return 1; } int socks4a_connect(BIO *b) { struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; int r; unsigned char buf[NI_MAXHOST + 16]; uint16_t port_n = htons(ctx->port); size_t sz = 0; verb("V: proxy4: connecting %s:%d\n", ctx->host, ctx->port); /* * Packet layout: * 1b: Version (must be 0x04) * 1b: command (0x01 is connect) * 2b: port number, big-endian * 4b: 0x00, 0x00, 0x00, 0x01 (bogus IPv4 addr) * 1b: 0x00 (empty 'userid' field) * nb: hostname, null-terminated */ buf[0] = 0x04; buf[1] = 0x01; sz += 2; memcpy(buf + 2, &port_n, sizeof(port_n)); sz += sizeof(port_n); buf[4] = 0x00; buf[5] = 0x00; buf[6] = 0x00; buf[7] = 0x01; sz += 4; buf[8] = 0x00; sz += 1; memcpy(buf + sz, ctx->host, strlen(ctx->host) + 1); sz += strlen(ctx->host) + 1; r = BIO_write(b->next_bio, buf, sz); if ( -1 == r ) return -1; if ( (size_t) r != sz) return 0; /* server reply: 1 + 1 + 2 + 4 */ r = BIO_read(b->next_bio, buf, 8); if ( -1 == r ) return -1; if ( (size_t) r != 8) return 0; if (buf[1] == 0x5a) { verb("V: proxy4: connected\n"); ctx->connected = 1; return 1; } return 0; } int socks5_connect(BIO *b) { unsigned char buf[NI_MAXHOST + 16]; int r; struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; uint16_t port_n = htons(ctx->port); size_t sz = 0; /* the length for SOCKS addresses is only one byte. */ if (strlen(ctx->host) == UINT8_MAX + 1) return 0; verb("V: proxy5: connecting %s:%d\n", ctx->host, ctx->port); /* * Hello packet layout: * 1b: Version * 1b: auth methods * nb: method types * * We support only one method (no auth, 0x00). Others listed in RFC * 1928. */ buf[0] = 0x05; buf[1] = 0x01; buf[2] = 0x00; r = BIO_write(b->next_bio, buf, 3); if (r != 3) return 0; r = BIO_read(b->next_bio, buf, 2); if (r != 2) return 0; if (buf[0] != 0x05 || buf[1] != 0x00) { verb("V: proxy5: auth error %02x %02x\n", buf[0], buf[1]); return 0; } /* * Connect packet layout: * 1b: version * 1b: command (0x01 is connect) * 1b: reserved, 0x00 * 1b: addr type (0x03 is domain name) * nb: addr len (1b) + addr bytes, no null termination * 2b: port, network byte order */ buf[0] = 0x05; buf[1] = 0x01; buf[2] = 0x00; buf[3] = 0x03; buf[4] = strlen(ctx->host); sz += 5; memcpy(buf + 5, ctx->host, strlen(ctx->host)); sz += strlen(ctx->host); memcpy(buf + sz, &port_n, sizeof(port_n)); sz += sizeof(port_n); r = BIO_write(b->next_bio, buf, sz); if ( -1 == r ) return -1; if ( (size_t) r != sz) return 0; /* * Server's response: * 1b: version * 1b: status (0x00 is okay) * 1b: reserved, 0x00 * 1b: addr type (0x03 is domain name, 0x01 ipv4) * nb: addr len (1b) + addr bytes, no null termination * 2b: port, network byte order */ /* grab up through the addr type */ r = BIO_read(b->next_bio, buf, 4); if ( -1 == r ) return -1; if (r != 4) return 0; if (buf[0] != 0x05 || buf[1] != 0x00) { verb("V: proxy5: connect error %02x %02x\n", buf[0], buf[1]); return 0; } if (buf[3] == 0x03) { unsigned int len; r = BIO_read(b->next_bio, buf + 4, 1); if (r != 1) return 0; /* host (buf[4] bytes) + port (2 bytes) */ len = buf[4] + 2; while (len) { r = BIO_read(b->next_bio, buf + 5, min(len, sizeof(buf))); if (r <= 0) return 0; len -= min(len, r); } } else if (buf[3] == 0x01) { /* 4 bytes ipv4 addr, 2 bytes port */ r = BIO_read(b->next_bio, buf + 4, 6); if (r != 6) return 0; } verb("V: proxy5: connected\n"); ctx->connected = 1; return 1; } /* SSL socket BIOs don't support BIO_gets, so... */ int sock_gets(BIO *b, char *buf, size_t sz) { char c; while (BIO_read(b, &c, 1) > 0 && sz > 1) { *buf++ = c; sz--; if (c == '\n') { *buf = '\0'; return 0; } } return 1; } int http_connect(BIO *b) { int r; struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; char buf[4096]; int retcode; snprintf(buf, sizeof(buf), "CONNECT %s:%d HTTP/1.1\r\n", ctx->host, ctx->port); r = BIO_write(b->next_bio, buf, strlen(buf)); if ( -1 == r ) return -1; if ( (size_t) r != strlen(buf)) return 0; /* required by RFC 2616 14.23 */ snprintf(buf, sizeof(buf), "Host: %s:%d\r\n", ctx->host, ctx->port); r = BIO_write(b->next_bio, buf, strlen(buf)); if ( -1 == r ) return -1; if ( (size_t) r != strlen(buf)) return 0; strcpy(buf, "\r\n"); r = BIO_write(b->next_bio, buf, strlen(buf)); if ( -1 == r ) return -1; if ( (size_t) r != strlen(buf)) return 0; r = sock_gets(b->next_bio, buf, sizeof(buf)); if (r) return 0; /* use %*s to ignore the version */ if (sscanf(buf, "HTTP/%*s %d", &retcode) != 1) return 0; if (retcode < 200 || retcode > 299) return 0; while (!(r = sock_gets(b->next_bio, buf, sizeof(buf)))) { if (!strcmp(buf, "\r\n")) { /* Done with the header */ ctx->connected = 1; return 1; } } return 0; } int proxy_write(BIO *b, const char *buf, int sz) { int r; struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; assert(buf); if (sz <= 0) return 0; if (!b->next_bio) return 0; if (!ctx->connected) { assert(ctx->connect); if (!ctx->connect(b)) return 0; } r = BIO_write(b->next_bio, buf, sz); BIO_clear_retry_flags(b); BIO_copy_next_retry(b); return r; } int proxy_read(BIO *b, char *buf, int sz) { int r; struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; assert(buf); if (!b->next_bio) return 0; if (!ctx->connected) { assert(ctx->connect); if (!ctx->connect(b)) return 0; } r = BIO_read(b->next_bio, buf, sz); BIO_clear_retry_flags(b); BIO_copy_next_retry(b); return r; } long proxy_ctrl(BIO *b, int cmd, long num, void *ptr) { long ret; struct proxy_ctx *ctx; if (!b->next_bio) return 0; ctx = (struct proxy_ctx *) b->ptr; assert(ctx); switch (cmd) { case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); ret = BIO_ctrl(b->next_bio, cmd, num, ptr); BIO_copy_next_retry(b); break; case BIO_CTRL_DUP: ret = 0; break; default: ret = BIO_ctrl(b->next_bio, cmd, num, ptr); } return ret; } int proxy_gets(BIO *b, char *buf, int size) { return BIO_gets(b->next_bio, buf, size); } int proxy_puts(BIO *b, const char *str) { return BIO_puts(b->next_bio, str); } long proxy_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) { if (!b->next_bio) return 0; return BIO_callback_ctrl(b->next_bio, cmd, fp); } BIO_METHOD proxy_methods = { BIO_TYPE_MEM, "proxy", proxy_write, proxy_read, proxy_puts, proxy_gets, proxy_ctrl, proxy_new, proxy_free, proxy_callback_ctrl, }; BIO_METHOD *BIO_f_proxy() { return &proxy_methods; } /* API starts here */ BIO API *BIO_new_proxy() { return BIO_new(BIO_f_proxy()); } int API BIO_proxy_set_type(BIO *b, const char *type) { struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; if (!strcmp(type, "socks5")) ctx->connect = socks5_connect; else if (!strcmp(type, "socks4a")) ctx->connect = socks4a_connect; else if (!strcmp(type, "http")) ctx->connect = http_connect; else return 1; return 0; } int API BIO_proxy_set_host(BIO *b, const char *host) { struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; if (strlen(host) == NI_MAXHOST) return 1; ctx->host = strdup(host); return 0; } void API BIO_proxy_set_port(BIO *b, uint16_t port) { struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; ctx->port = port; } tlsdate-0.0.7/src/proxy-bio-plan9.h000066400000000000000000000013101230412117200170530ustar00rootroot00000000000000/* * proxy-bio.h - BIO layer for transparent proxy connections * * Copyright (c) 2012 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #ifndef PROXY_BIO_H #define PROXY_BIO_H #include #include #include "util-plan9.h" struct proxy_ctx { char *host; uint16_t port; int connected; int (*connect)(BIO *b); }; BIO *BIO_new_proxy(); /* These do not take ownership of their string arguments. */ int BIO_proxy_set_type(BIO *b, const char *type); int BIO_proxy_set_host(BIO *b, const char *host); void BIO_proxy_set_port(BIO *b, uint16_t port); #endif /* !PROXY_BIO_H */ tlsdate-0.0.7/src/proxy-bio-unittest.c000066400000000000000000000205561230412117200177170ustar00rootroot00000000000000/* * proxy-bio-unittest.c - proxy-bio unit tests * Copyright (c) 2012 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #if defined(__linux__) #include #endif #include "src/proxy-bio.h" #include "src/test-bio.h" #include "src/test_harness.h" #include "src/tlsdate.h" FIXTURE(test_bio) { BIO *test; }; FIXTURE_SETUP(test_bio) { self->test = BIO_new_test(); ASSERT_NE(NULL, self->test); } FIXTURE_TEARDOWN(test_bio) { BIO_free(self->test); } BIO *proxy_bio(BIO *test, const char *type) { BIO *proxy = BIO_new_proxy(); BIO_proxy_set_type(proxy, type); BIO_proxy_set_host(proxy, kTestHost); BIO_proxy_set_port(proxy, TEST_PORT); BIO_push(proxy, test); return proxy; } int need_out_bytes(BIO *test, const unsigned char *out, size_t sz) { unsigned char *buf = malloc(sz); size_t i; int result; if (!buf) return 1; if (BIO_test_output_left(test) < sz) { fprintf(TH_LOG_STREAM, "not enough output: %d < %d\n", (int)BIO_test_output_left(test), (int)sz); free(buf); return 2; } if (BIO_test_get_output(test, buf, sz) != sz) { free(buf); return 3; } if (memcmp(buf, out, sz)) { for (i = 0; i < sz; i++) { if (buf[i] != out[i]) fprintf(TH_LOG_STREAM, "mismatch %d %02x %02x\n", (int)i, buf[i], out[i]); } } result = memcmp(buf, out, sz); free(buf); return result; } int need_out_byte(BIO *test, unsigned char out) { unsigned char c; if (BIO_test_output_left(test) < 1) return 1; if (BIO_test_get_output(test, &c, 1) != 1) return 2; return c != out; } int get_bytes(BIO *test, unsigned char *buf, size_t sz) { return BIO_test_get_output(test, buf, sz); } void put_bytes(BIO *test, const unsigned char *buf, size_t sz) { BIO_test_add_input(test, buf, sz); } void put_byte(BIO *test, char c) { BIO_test_add_input(test, (unsigned char *)&c, 1); } unsigned const char kSocks4ARequest[] = { 0x04, /* socks4 */ 0x01, /* tcp stream */ (TEST_PORT & 0xff00) >> 8, TEST_PORT & 0xff, 0x00, 0x00, 0x00, 0x01, /* bogus IP */ 0x00, /* userid */ TEST_HOST, 0x00 /* null-terminated host */ }; TEST_F(test_bio, socks4a_success) { unsigned const char kTestInput[] = { 0xde, 0xad, 0xbe, 0xef }; unsigned const char kReply[] = { 0x00, /* null byte */ 0x5a, /* success */ (TEST_PORT & 0xff00) >> 8, /* port high */ TEST_PORT & 0xff, /* port low */ 0x00, 0x00, 0x00, 0x00 /* bogus IP */ }; BIO *proxy = proxy_bio(self->test, "socks4a"); put_bytes(self->test, kReply, sizeof(kReply)); EXPECT_EQ(4, BIO_write(proxy, kTestInput, sizeof(kTestInput))); EXPECT_EQ(0, need_out_bytes(self->test, kSocks4ARequest, sizeof(kSocks4ARequest))); EXPECT_EQ(0, need_out_bytes(self->test, kTestInput, sizeof(kTestInput))); EXPECT_EQ(0, BIO_test_output_left(self->test)); } TEST_F(test_bio, socks4a_fail) { unsigned const char kTestInput[] = { 0xde, 0xad, 0xbe, 0xef }; unsigned const char kReply[] = { 0x00, /* null byte */ 0x5b, /* fail */ (TEST_PORT & 0xff00) >> 8, /* port high */ TEST_PORT & 0xff, /* port low */ 0x00, 0x00, 0x00, 0x00 /* bogus IP */ }; BIO *proxy = proxy_bio(self->test, "socks4a"); put_bytes(self->test, kReply, sizeof(kReply)); EXPECT_EQ(0, BIO_write(proxy, kTestInput, sizeof(kTestInput))); EXPECT_EQ(0, need_out_bytes(self->test, kSocks4ARequest, sizeof(kSocks4ARequest))); /* We shouldn't have written any payload */ EXPECT_EQ(0, BIO_test_output_left(self->test)); } unsigned const char kSocks5AuthRequest[] = { 0x05, /* socks5 */ 0x01, /* one auth method */ 0x00 /* no auth */ }; unsigned const char kSocks5AuthReply[] = { 0x05, /* socks5 */ 0x00, /* no auth */ }; unsigned const char kSocks5ConnectRequest[] = { 0x05, /* socks5 */ 0x01, /* tcp stream */ 0x00, /* reserved 0x00 */ 0x03, /* domain name */ TEST_HOST_SIZE, /* hostname with length prefix */ TEST_HOST, (TEST_PORT & 0xff00) >> 8, TEST_PORT & 0xff }; unsigned const char kSocks5ConnectReply[] = { 0x05, /* socks5 */ 0x00, /* success */ 0x00, /* reserved 0x00 */ 0x03, /* domain name */ TEST_HOST_SIZE, /* hostname with length prefix */ TEST_HOST, (TEST_PORT & 0xff00) >> 8, TEST_PORT & 0xff }; TEST_F(test_bio, socks5_success) { unsigned const char kTestInput[] = { 0xde, 0xad, 0xbe, 0xef }; BIO *proxy = proxy_bio(self->test, "socks5"); put_bytes(self->test, kSocks5AuthReply, sizeof(kSocks5AuthReply)); put_bytes(self->test, kSocks5ConnectReply, sizeof(kSocks5ConnectReply)); EXPECT_EQ(4, BIO_write(proxy, kTestInput, sizeof(kTestInput))); EXPECT_EQ(0, need_out_bytes(self->test, kSocks5AuthRequest, sizeof(kSocks5AuthRequest))); EXPECT_EQ(0, need_out_bytes(self->test, kSocks5ConnectRequest, sizeof(kSocks5ConnectRequest))); EXPECT_EQ(0, need_out_bytes(self->test, kTestInput, sizeof(kTestInput))); EXPECT_EQ(0, BIO_test_output_left(self->test)); } TEST_F(test_bio, socks5_auth_fail) { unsigned const char kTestInput[] = { 0xde, 0xad, 0xbe, 0xef }; unsigned const char kAuthFail[] = { 0x05, 0xff, }; BIO *proxy = proxy_bio(self->test, "socks5"); put_bytes(self->test, kAuthFail, sizeof(kAuthFail)); EXPECT_EQ(0, BIO_write(proxy, kTestInput, sizeof(kTestInput))); EXPECT_EQ(0, need_out_bytes(self->test, kSocks5AuthRequest, sizeof(kSocks5AuthRequest))); EXPECT_EQ(0, BIO_test_output_left(self->test)); } TEST_F(test_bio, socks5_connect_fail) { unsigned const char kTestInput[] = { 0xde, 0xad, 0xbe, 0xef }; unsigned const char kConnectFail[] = { 0x05, 0x01, 0x00, 0x03, TEST_HOST_SIZE, TEST_HOST, (TEST_PORT & 0xff00) >> 8, TEST_PORT & 0xff }; BIO *proxy = proxy_bio(self->test, "socks5"); put_bytes(self->test, kSocks5AuthReply, sizeof(kSocks5AuthReply)); put_bytes(self->test, kConnectFail, sizeof(kConnectFail)); EXPECT_EQ(0, BIO_write(proxy, kTestInput, sizeof(kTestInput))); EXPECT_EQ(0, need_out_bytes(self->test, kSocks5AuthRequest, sizeof(kSocks5AuthRequest))); EXPECT_EQ(0, need_out_bytes(self->test, kSocks5ConnectRequest, sizeof(kSocks5ConnectRequest))); EXPECT_EQ(0, BIO_test_output_left(self->test)); } TEST_F(test_bio, http_success) { unsigned const char kTestInput[] = { 0xde, 0xad, 0xbe, 0xef }; BIO *proxy = proxy_bio(self->test, "http"); char kConnectRequest[1024]; char kConnectResponse[] = "HTTP/1.0 200 OK\r\n" "Uninteresting-Header: foobar\r\n" "Another-Header: lol\r\n" "\r\n"; snprintf(kConnectRequest, sizeof(kConnectRequest), "CONNECT %s:%d HTTP/1.1\r\nHost: %s:%d\r\n\r\n", kTestHost, TEST_PORT, kTestHost, TEST_PORT); put_bytes(self->test, (unsigned char *)kConnectResponse, strlen(kConnectResponse)); EXPECT_EQ(4, BIO_write(proxy, kTestInput, sizeof(kTestInput))); EXPECT_EQ(0, need_out_bytes(self->test, (unsigned char *)kConnectRequest, strlen(kConnectRequest))); EXPECT_EQ(0, need_out_bytes(self->test, kTestInput, sizeof(kTestInput))); EXPECT_EQ(0, BIO_test_output_left(self->test)); } TEST_F(test_bio, http_error) { unsigned const char kTestInput[] = { 0xde, 0xad, 0xbe, 0xef }; BIO *proxy = proxy_bio(self->test, "http"); char kConnectRequest[1024]; char kConnectResponse[] = "HTTP/1.0 403 NO U\r\n" "Uninteresting-Header: foobar\r\n" "Another-Header: lol\r\n" "\r\n"; snprintf(kConnectRequest, sizeof(kConnectRequest), "CONNECT %s:%d HTTP/1.1\r\nHost: %s:%d\r\n\r\n", kTestHost, TEST_PORT, kTestHost, TEST_PORT); put_bytes(self->test, (unsigned char *)kConnectResponse, strlen(kConnectResponse)); EXPECT_EQ(0, BIO_write(proxy, kTestInput, sizeof(kTestInput))); EXPECT_EQ(0, need_out_bytes(self->test, (unsigned char *)kConnectRequest, strlen(kConnectRequest))); EXPECT_EQ(0, BIO_test_output_left(self->test)); } TEST_HARNESS_MAIN tlsdate-0.0.7/src/proxy-bio.c000066400000000000000000000223721230412117200160400ustar00rootroot00000000000000/* * proxy-bio.c - BIO layer for SOCKS4a/5 proxy connections * * Copyright (c) 2012 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * * This file implements a SOCKS4a/SOCKS5 "filter" BIO. In SSL terminology, a BIO * is a stackable IO filter, kind of like sysv streams. These filters are * inserted into a stream to cause it to run SOCKS over whatever transport is * being used. Most commonly, this would be: * SSL BIO (filter) -> SOCKS BIO (filter) -> connect BIO (source/sink) * This configuration represents doing an SSL connection through a SOCKS proxy, * which is itself connected to in plaintext. You might also do: * SSL BIO -> SOCKS BIO -> SSL BIO -> connect BIO * This is an SSL connection through a SOCKS proxy which is itself reached over * SSL. */ #include "config.h" #include #include #ifndef __USE_MISC #define __USE_MISC #endif #ifndef __USE_POSIX #define __USE_POSIX #endif #include #include #ifndef HAVE_STRNLEN #include "src/common/strnlen.h" #endif #include "src/proxy-bio.h" int socks4a_connect(BIO *b); int socks5_connect(BIO *b); int http_connect(BIO *b); int proxy_new(BIO *b) { struct proxy_ctx *ctx = (struct proxy_ctx *) malloc(sizeof *ctx); if (!ctx) return 0; ctx->connected = 0; ctx->connect = NULL; ctx->host = NULL; ctx->port = 0; b->init = 1; b->flags = 0; b->ptr = ctx; return 1; } int proxy_free(BIO *b) { struct proxy_ctx *c; if (!b || !b->ptr) return 1; c = (struct proxy_ctx *) b->ptr; if (c->host) free(c->host); c->host = NULL; b->ptr = NULL; free(c); return 1; } int socks4a_connect(BIO *b) { struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; int r; unsigned char buf[NI_MAXHOST + 16]; uint16_t port_n = htons(ctx->port); size_t sz = 0; verb("V: proxy4: connecting %s:%d\n", ctx->host, ctx->port); /* * Packet layout: * 1b: Version (must be 0x04) * 1b: command (0x01 is connect) * 2b: port number, big-endian * 4b: 0x00, 0x00, 0x00, 0x01 (bogus IPv4 addr) * 1b: 0x00 (empty 'userid' field) * nb: hostname, null-terminated */ buf[0] = 0x04; buf[1] = 0x01; sz += 2; memcpy(buf + 2, &port_n, sizeof(port_n)); sz += sizeof(port_n); buf[4] = 0x00; buf[5] = 0x00; buf[6] = 0x00; buf[7] = 0x01; sz += 4; buf[8] = 0x00; sz += 1; memcpy(buf + sz, ctx->host, strlen(ctx->host) + 1); sz += strlen(ctx->host) + 1; r = BIO_write(b->next_bio, buf, sz); if ( -1 == r ) return -1; if ( (size_t) r != sz) return 0; /* server reply: 1 + 1 + 2 + 4 */ r = BIO_read(b->next_bio, buf, 8); if ( -1 == r ) return -1; if ( (size_t) r != 8) return 0; if (buf[1] == 0x5a) { verb("V: proxy4: connected\n"); ctx->connected = 1; return 1; } return 0; } int socks5_connect(BIO *b) { unsigned char buf[NI_MAXHOST + 16]; int r; struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; uint16_t port_n = htons(ctx->port); size_t sz = 0; /* the length for SOCKS addresses is only one byte. */ if (strnlen(ctx->host, UINT8_MAX + 1) == UINT8_MAX + 1) return 0; verb("V: proxy5: connecting %s:%d\n", ctx->host, ctx->port); /* * Hello packet layout: * 1b: Version * 1b: auth methods * nb: method types * * We support only one method (no auth, 0x00). Others listed in RFC * 1928. */ buf[0] = 0x05; buf[1] = 0x01; buf[2] = 0x00; r = BIO_write(b->next_bio, buf, 3); if (r != 3) return 0; r = BIO_read(b->next_bio, buf, 2); if (r != 2) return 0; if (buf[0] != 0x05 || buf[1] != 0x00) { verb("V: proxy5: auth error %02x %02x\n", buf[0], buf[1]); return 0; } /* * Connect packet layout: * 1b: version * 1b: command (0x01 is connect) * 1b: reserved, 0x00 * 1b: addr type (0x03 is domain name) * nb: addr len (1b) + addr bytes, no null termination * 2b: port, network byte order */ buf[0] = 0x05; buf[1] = 0x01; buf[2] = 0x00; buf[3] = 0x03; buf[4] = strlen(ctx->host); sz += 5; memcpy(buf + 5, ctx->host, strlen(ctx->host)); sz += strlen(ctx->host); memcpy(buf + sz, &port_n, sizeof(port_n)); sz += sizeof(port_n); r = BIO_write(b->next_bio, buf, sz); if ( -1 == r ) return -1; if ( (size_t) r != sz) return 0; /* * Server's response: * 1b: version * 1b: status (0x00 is okay) * 1b: reserved, 0x00 * 1b: addr type (0x03 is domain name, 0x01 ipv4) * nb: addr len (1b) + addr bytes, no null termination * 2b: port, network byte order */ /* grab up through the addr type */ r = BIO_read(b->next_bio, buf, 4); if ( -1 == r ) return -1; if (r != 4) return 0; if (buf[0] != 0x05 || buf[1] != 0x00) { verb("V: proxy5: connect error %02x %02x\n", buf[0], buf[1]); return 0; } if (buf[3] == 0x03) { unsigned int len; r = BIO_read(b->next_bio, buf + 4, 1); if (r != 1) return 0; /* host (buf[4] bytes) + port (2 bytes) */ len = buf[4] + 2; while (len) { r = BIO_read(b->next_bio, buf + 5, min(len, sizeof(buf))); if (r <= 0) return 0; len -= min(len, r); } } else if (buf[3] == 0x01) { /* 4 bytes ipv4 addr, 2 bytes port */ r = BIO_read(b->next_bio, buf + 4, 6); if (r != 6) return 0; } verb("V: proxy5: connected\n"); ctx->connected = 1; return 1; } /* SSL socket BIOs don't support BIO_gets, so... */ int sock_gets(BIO *b, char *buf, size_t sz) { char c; while (BIO_read(b, &c, 1) > 0 && sz > 1) { *buf++ = c; sz--; if (c == '\n') { *buf = '\0'; return 0; } } return 1; } int http_connect(BIO *b) { int r; struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; char buf[4096]; int retcode; snprintf(buf, sizeof(buf), "CONNECT %s:%d HTTP/1.1\r\n", ctx->host, ctx->port); r = BIO_write(b->next_bio, buf, strlen(buf)); if ( -1 == r ) return -1; if ( (size_t) r != strlen(buf)) return 0; /* required by RFC 2616 14.23 */ snprintf(buf, sizeof(buf), "Host: %s:%d\r\n", ctx->host, ctx->port); r = BIO_write(b->next_bio, buf, strlen(buf)); if ( -1 == r ) return -1; if ( (size_t) r != strlen(buf)) return 0; strcpy(buf, "\r\n"); r = BIO_write(b->next_bio, buf, strlen(buf)); if ( -1 == r ) return -1; if ( (size_t) r != strlen(buf)) return 0; r = sock_gets(b->next_bio, buf, sizeof(buf)); if (r) return 0; /* use %*s to ignore the version */ if (sscanf(buf, "HTTP/%*s %d", &retcode) != 1) return 0; if (retcode < 200 || retcode > 299) return 0; while (!(r = sock_gets(b->next_bio, buf, sizeof(buf)))) { if (!strcmp(buf, "\r\n")) { /* Done with the header */ ctx->connected = 1; return 1; } } return 0; } int proxy_write(BIO *b, const char *buf, int sz) { int r; struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; assert(buf); if (sz <= 0) return 0; if (!b->next_bio) return 0; if (!ctx->connected) { assert(ctx->connect); if (!ctx->connect(b)) return 0; } r = BIO_write(b->next_bio, buf, sz); BIO_clear_retry_flags(b); BIO_copy_next_retry(b); return r; } int proxy_read(BIO *b, char *buf, int sz) { int r; struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; assert(buf); if (!b->next_bio) return 0; if (!ctx->connected) { assert(ctx->connect); if (!ctx->connect(b)) return 0; } r = BIO_read(b->next_bio, buf, sz); BIO_clear_retry_flags(b); BIO_copy_next_retry(b); return r; } long proxy_ctrl(BIO *b, int cmd, long num, void *ptr) { long ret; struct proxy_ctx *ctx; if (!b->next_bio) return 0; ctx = (struct proxy_ctx *) b->ptr; assert(ctx); switch (cmd) { case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); ret = BIO_ctrl(b->next_bio, cmd, num, ptr); BIO_copy_next_retry(b); break; case BIO_CTRL_DUP: ret = 0; break; default: ret = BIO_ctrl(b->next_bio, cmd, num, ptr); } return ret; } int proxy_gets(BIO *b, char *buf, int size) { return BIO_gets(b->next_bio, buf, size); } int proxy_puts(BIO *b, const char *str) { return BIO_puts(b->next_bio, str); } long proxy_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) { if (!b->next_bio) return 0; return BIO_callback_ctrl(b->next_bio, cmd, fp); } BIO_METHOD proxy_methods = { BIO_TYPE_MEM, "proxy", proxy_write, proxy_read, proxy_puts, proxy_gets, proxy_ctrl, proxy_new, proxy_free, proxy_callback_ctrl, }; BIO_METHOD *BIO_f_proxy() { return &proxy_methods; } /* API starts here */ BIO API *BIO_new_proxy() { return BIO_new(BIO_f_proxy()); } int API BIO_proxy_set_type(BIO *b, const char *type) { struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; if (!strcmp(type, "socks5")) ctx->connect = socks5_connect; else if (!strcmp(type, "socks4a")) ctx->connect = socks4a_connect; else if (!strcmp(type, "http")) ctx->connect = http_connect; else return 1; return 0; } int API BIO_proxy_set_host(BIO *b, const char *host) { struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; if (strnlen(host, NI_MAXHOST) == NI_MAXHOST) return 1; ctx->host = strdup(host); return 0; } void API BIO_proxy_set_port(BIO *b, uint16_t port) { struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr; ctx->port = port; } tlsdate-0.0.7/src/proxy-bio.h000066400000000000000000000013001230412117200160310ustar00rootroot00000000000000/* * proxy-bio.h - BIO layer for transparent proxy connections * * Copyright (c) 2012 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #ifndef PROXY_BIO_H #define PROXY_BIO_H #include #include #include "util.h" struct proxy_ctx { char *host; uint16_t port; int connected; int (*connect)(BIO *b); }; BIO *BIO_new_proxy(); /* These do not take ownership of their string arguments. */ int BIO_proxy_set_type(BIO *b, const char *type); int BIO_proxy_set_host(BIO *b, const char *host); void BIO_proxy_set_port(BIO *b, uint16_t port); #endif /* !PROXY_BIO_H */ tlsdate-0.0.7/src/proxy-polarssl.c000066400000000000000000000167061230412117200171320ustar00rootroot00000000000000/* * proxy-polarssl.c - Net stack layer for SOCKS4a/5 proxy connections * * Based on proxy-bio.c - Original copyright (c) 2012 The Chromium OS Authors. * * This file was adapted by Paul Bakker * All rights reserved. * * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * * This file implements a SOCKS4a/SOCKS5 net layer as used by PolarSSL. */ #include "config.h" #include #include #ifndef __USE_MISC #define __USE_MISC #endif #ifndef __USE_POSIX #define __USE_POSIX #endif #include #include #include #ifndef HAVE_STRNLEN #include "src/common/strnlen.h" #endif #include "src/proxy-polarssl.h" #include "src/util.h" int socks4a_connect(proxy_polarssl_ctx *ctx) { int r; unsigned char buf[NI_MAXHOST + 16]; uint16_t port_n; size_t sz = 0; if (!ctx) return 0; verb("V: proxy4: connecting %s:%d\n", ctx->host, ctx->port); port_n = htons(ctx->port); /* * Packet layout: * 1b: Version (must be 0x04) * 1b: command (0x01 is connect) * 2b: port number, big-endian * 4b: 0x00, 0x00, 0x00, 0x01 (bogus IPv4 addr) * 1b: 0x00 (empty 'userid' field) * nb: hostname, null-terminated */ buf[0] = 0x04; buf[1] = 0x01; sz += 2; memcpy(buf + 2, &port_n, sizeof(port_n)); sz += sizeof(port_n); buf[4] = 0x00; buf[5] = 0x00; buf[6] = 0x00; buf[7] = 0x01; sz += 4; buf[8] = 0x00; sz += 1; memcpy(buf + sz, ctx->host, strlen(ctx->host) + 1); sz += strlen(ctx->host) + 1; r = ctx->f_send(ctx->p_send, buf, sz); if (r != sz) return 0; /* server reply: 1 + 1 + 2 + 4 */ r = ctx->f_recv(ctx->p_recv, buf, 8); if (r != 8) return 0; if (buf[1] == 0x5a) { verb("V: proxy4: connected\n"); ctx->connected = 1; return 1; } return 0; } int socks5_connect(proxy_polarssl_ctx *ctx) { unsigned char buf[NI_MAXHOST + 16]; int r; uint16_t port_n; size_t sz = 0; if (!ctx) return 0; /* the length for SOCKS addresses is only one byte. */ if (strnlen(ctx->host, UINT8_MAX + 1) == UINT8_MAX + 1) return 0; verb("V: proxy5: connecting %s:%d\n", ctx->host, ctx->port); port_n = htons(ctx->port); /* * Hello packet layout: * 1b: Version * 1b: auth methods * nb: method types * * We support only one method (no auth, 0x00). Others listed in RFC * 1928. */ buf[0] = 0x05; buf[1] = 0x01; buf[2] = 0x00; r = ctx->f_send(ctx->p_send, buf, 3); if (r != 3) return 0; r = ctx->f_recv(ctx->p_recv, buf, 2); if (r != 2) return 0; if (buf[0] != 0x05 || buf[1] != 0x00) { verb("V: proxy5: auth error %02x %02x\n", buf[0], buf[1]); return 0; } /* * Connect packet layout: * 1b: version * 1b: command (0x01 is connect) * 1b: reserved, 0x00 * 1b: addr type (0x03 is domain name) * nb: addr len (1b) + addr bytes, no null termination * 2b: port, network byte order */ buf[0] = 0x05; buf[1] = 0x01; buf[2] = 0x00; buf[3] = 0x03; buf[4] = strlen(ctx->host); sz += 5; memcpy(buf + 5, ctx->host, strlen(ctx->host)); sz += strlen(ctx->host); memcpy(buf + sz, &port_n, sizeof(port_n)); sz += sizeof(port_n); r = ctx->f_send(ctx->p_send, buf, sz); if (r != sz) return 0; /* * Server's response: * 1b: version * 1b: status (0x00 is okay) * 1b: reserved, 0x00 * 1b: addr type (0x03 is domain name, 0x01 ipv4) * nb: addr len (1b) + addr bytes, no null termination * 2b: port, network byte order */ /* grab up through the addr type */ r = ctx->f_recv(ctx->p_recv, buf, 4); if (r != 4) return 0; if (buf[0] != 0x05 || buf[1] != 0x00) { verb("V: proxy5: connect error %02x %02x\n", buf[0], buf[1]); return 0; } if (buf[3] == 0x03) { unsigned int len; r = ctx->f_recv(ctx->p_recv, buf + 4, 1); if (r != 1) return 0; /* host (buf[4] bytes) + port (2 bytes) */ len = buf[4] + 2; while (len) { r = ctx->f_recv(ctx->p_recv, buf + 5, min(len, sizeof(buf))); if (r <= 0) return 0; len -= min(len, r); } } else if (buf[3] == 0x01) { /* 4 bytes ipv4 addr, 2 bytes port */ r = ctx->f_recv(ctx->p_recv, buf + 4, 6); if (r != 6) return 0; } verb("V: proxy5: connected\n"); ctx->connected = 1; return 1; } /* SSL socket BIOs don't support BIO_gets, so... */ int sock_gets(proxy_polarssl_ctx *ctx, char *buf, size_t sz) { unsigned char c; while (ctx->f_recv(ctx->p_recv, &c, 1) > 0 && sz > 1) { *buf++ = c; sz--; if (c == '\n') { *buf = '\0'; return 0; } } return 1; } int http_connect(proxy_polarssl_ctx *ctx) { int r; char buf[4096]; int retcode; snprintf(buf, sizeof(buf), "CONNECT %s:%d HTTP/1.1\r\n", ctx->host, ctx->port); r = ctx->f_send(ctx->p_send, (unsigned char *) buf, strlen(buf)); if (r != strlen(buf)) return 0; /* required by RFC 2616 14.23 */ snprintf(buf, sizeof(buf), "Host: %s:%d\r\n", ctx->host, ctx->port); r = ctx->f_send(ctx->p_send, (unsigned char *) buf, strlen(buf)); if (r != strlen(buf)) return 0; strcpy(buf, "\r\n"); r = ctx->f_send(ctx->p_send, (unsigned char *) buf, strlen(buf)); if (r != strlen(buf)) return 0; r = sock_gets(ctx, buf, sizeof(buf)); if (r) return 0; /* use %*s to ignore the version */ if (sscanf(buf, "HTTP/%*s %d", &retcode) != 1) return 0; if (retcode < 200 || retcode > 299) return 0; while (!(r = sock_gets(ctx, buf, sizeof(buf)))) { if (!strcmp(buf, "\r\n")) { /* Done with the header */ ctx->connected = 1; return 1; } } return 0; } int API proxy_polarssl_init(proxy_polarssl_ctx *ctx) { if (!ctx) return 0; memset(ctx, 0, sizeof(proxy_polarssl_ctx)); return 1; } void API proxy_polarssl_set_bio(proxy_polarssl_ctx *ctx, int (*f_recv)(void *, unsigned char *, size_t), void *p_recv, int (*f_send)(void *, const unsigned char *, size_t), void *p_send) { if (!ctx) return; ctx->f_recv = f_recv; ctx->p_recv = p_recv; ctx->f_send = f_send; ctx->p_send = p_send; } int API proxy_polarssl_free(proxy_polarssl_ctx *ctx) { if (!ctx) return 0; if (ctx->host) { free(ctx->host); ctx->host = NULL; } return 1; } int API proxy_polarssl_set_scheme(proxy_polarssl_ctx *ctx, const char *scheme) { if (!strcmp(scheme, "socks5")) ctx->f_connect = socks5_connect; else if (!strcmp(scheme, "socks4")) ctx->f_connect = socks4a_connect; else if (!strcmp(scheme, "http")) ctx->f_connect = http_connect; else return 1; return 0; } int API proxy_polarssl_set_host(proxy_polarssl_ctx *ctx, const char *host) { if (strnlen(host, NI_MAXHOST) == NI_MAXHOST) return 1; ctx->host = strdup(host); return 0; } void API proxy_polarssl_set_port(proxy_polarssl_ctx *ctx, uint16_t port) { ctx->port = port; } int API proxy_polarssl_recv(void *ctx, unsigned char *data, size_t len) { proxy_polarssl_ctx *proxy = (proxy_polarssl_ctx *) ctx; int r; if (!ctx) return -1; if (!proxy->connected) { r = proxy->f_connect(ctx); if (r) return (r); } return proxy->f_recv(proxy->p_recv, data, len); } int API proxy_polarssl_send(void *ctx, const unsigned char *data, size_t len) { proxy_polarssl_ctx *proxy = (proxy_polarssl_ctx *) ctx; int r; if (!ctx) return -1; if (!proxy->connected) { r = proxy->f_connect(ctx); if (r) return (r); } return proxy->f_send(proxy->p_send, data, len); } tlsdate-0.0.7/src/proxy-polarssl.h000066400000000000000000000030671230412117200171330ustar00rootroot00000000000000/* * proxy-polarssl.h - PolarSSL layer for transparent proxy connections * * Based on proxy-bio.c - Original copyright (c) 2012 The Chromium OS Authors. * * This file was adapted by Paul Bakker * All rights reserved. * * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #ifndef PROXY_POLARSSL_H #define PROXY_POLARSSL_H #include typedef struct _proxy_polarssl_ctx proxy_polarssl_ctx; struct _proxy_polarssl_ctx { char *host; uint16_t port; int connected; int (*f_recv)(void *, unsigned char *, size_t); int (*f_send)(void *, const unsigned char *, size_t); int (*f_connect)(proxy_polarssl_ctx *); void *p_recv; /*!< context for reading operations */ void *p_send; /*!< context for writing operations */ }; int proxy_polarssl_init(proxy_polarssl_ctx *proxy); int proxy_polarssl_free(proxy_polarssl_ctx *ctx); void proxy_polarssl_set_bio(proxy_polarssl_ctx *ctx, int (*f_recv)(void *, unsigned char *, size_t), void *p_recv, int (*f_send)(void *, const unsigned char *, size_t), void *p_send); int proxy_polarssl_set_scheme(proxy_polarssl_ctx *ctx, const char *scheme); int proxy_polarssl_set_host(proxy_polarssl_ctx *ctx, const char *host); void proxy_polarssl_set_port(proxy_polarssl_ctx *ctx, uint16_t port); int proxy_polarssl_recv(void *ctx, unsigned char *data, size_t len); int proxy_polarssl_send(void *ctx, const unsigned char *data, size_t len); #endif /* !PROXY_POLARSSL_H */ tlsdate-0.0.7/src/routeup.c000066400000000000000000000065761230412117200156230ustar00rootroot00000000000000/* * routeup.c - listens for routes coming up, tells stdout * Copyright (c) 2012 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * * We emit 'n' for a route coming up. */ #include "config.h" #include #include /* needed for linux/if.h for struct sockaddr */ #include #include #include #include #include #include #include #include #include #include #include #include "src/util.h" #include "src/routeup.h" int verbose; int verbose_debug; /* * Set up the supplied context by creating and binding its netlink socket. * Returns 0 for success, 1 for failure. */ int API routeup_setup (struct routeup *rtc) { struct sockaddr_nl sa; memset (&sa, 0, sizeof (sa)); sa.nl_family = AF_NETLINK; sa.nl_groups = RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_ROUTE; rtc->netlinkfd = socket (AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (rtc->netlinkfd < 0) { perror ("netlink socket() failed"); return 1; } if (bind (rtc->netlinkfd, (struct sockaddr *) &sa, sizeof (sa)) < 0) { perror ("netlink bind() failed"); close (rtc->netlinkfd); return 1; } if (fcntl (rtc->netlinkfd, F_SETFL, O_NONBLOCK) < 0) { perror ("netlink fcntl(O_NONBLOCK) failed"); close (rtc->netlinkfd); return 1; } return 0; } /* * Handle a single netlink message. Block until we get a route status * change message. Returns 0 if there was a route status change, 1 if there was * a timeout, and -1 if there was a read error. */ int API routeup_once (struct routeup *rtc, unsigned int timeout) { char buf[4096]; ssize_t sz; struct timeval remaining; struct timeval *rp = timeout ? &remaining : NULL; fd_set fds; remaining.tv_sec = timeout; remaining.tv_usec = 0; FD_ZERO (&fds); FD_SET (rtc->netlinkfd, &fds); while (select (rtc->netlinkfd + 1, &fds, NULL, NULL, rp) >= 0) { FD_ZERO (&fds); FD_SET (rtc->netlinkfd, &fds); if (timeout && !remaining.tv_sec && !remaining.tv_usec) return 1; if ((sz = read (rtc->netlinkfd, buf, sizeof (buf))) < 0) return -1; struct nlmsghdr *nh; for (nh = (struct nlmsghdr *) buf; NLMSG_OK (nh, sz); nh = NLMSG_NEXT (nh, sz)) { /* * Unpack the netlink message into a bunch of... well... * netlink messages. The terminology is overloaded. Walk * through the message until we find a header of type * NLMSG_DONE. */ if (nh->nlmsg_type == NLMSG_DONE) break; if (nh->nlmsg_type != RTM_NEWROUTE) continue; /* * Clear out the socket so we don't keep old messages * queued up and eventually overflow the receive buffer. */ while (read (rtc->netlinkfd, buf, sizeof(buf)) > 0) /* loop through receive queue */; if (errno != EAGAIN) return -1; return 0; } } return -1; } /* Tear down the supplied context by closing its netlink socket. */ void API routeup_teardown (struct routeup *rtc) { close (rtc->netlinkfd); } #ifdef ROUTEUP_MAIN int API main () { struct routeup rtc; if (routeup_setup (&rtc)) return 1; while (!routeup_once (&rtc, 0)) printf ("n\n"); routeup_teardown (&rtc); return 0; } #endif /* ROUTEUP_MAIN */ tlsdate-0.0.7/src/routeup.h000066400000000000000000000013641230412117200156160ustar00rootroot00000000000000/* * routeup.h - routeup library interface * Copyright (c) 2012 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * * Call routeup_setup() to initialize a routeup context, then call * routeup_once() until it returns nonzero (indicating an error) or until * you're no longer interested in route changes. Call routeup_teardown() * when you're done with an routeup context. */ #ifndef ROUTEUP_H #define ROUTEUP_H struct routeup { int netlinkfd; /* AF_NETLINK event socket */ }; int routeup_setup(struct routeup *ifc); int routeup_once(struct routeup *ifc, unsigned int timeout); void routeup_teardown(struct routeup *ifc); #endif /* !ROUTEUP_H */ tlsdate-0.0.7/src/test-bio.c000066400000000000000000000060461230412117200156360ustar00rootroot00000000000000/* * test-bio.c - BIO layer for testing * * Copyright (c) 2012 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * * This is a 'source/sink' BIO which supports synthetic inputs and outputs, and * can be used to drive filter BIOs through a state machine. It buffers all * output sent to it, which can be retrieved with BIO_test_get_output(), and * input sent to it, which is handed back in response to BIO_read() by the * filter BIO. */ #include #include #include "src/test-bio.h" #include "src/util.h" int verbose; int verbose_debug; static const unsigned int kMagic = 0x5f8d3f15; struct test_ctx { unsigned int magic; unsigned char *out; size_t outsz; unsigned char *in; size_t insz; }; static struct test_ctx *bio_ctx(BIO *b) { struct test_ctx *ctx = b->ptr; assert(ctx->magic == kMagic); return ctx; } static size_t buf_drain(unsigned char **buf, size_t *bufsz, unsigned char *out, size_t outsz) { if (*bufsz < outsz) outsz = *bufsz; memcpy(out, *buf, outsz); if (*bufsz > outsz) memmove(*buf, *buf + outsz, *bufsz - outsz); *bufsz -= outsz; *buf = realloc(*buf, *bufsz); return outsz; } static void buf_fill(unsigned char **buf, size_t *bufsz, const unsigned char *in, size_t insz) { *buf = realloc(*buf, *bufsz + insz); memcpy(*buf + *bufsz, in, insz); *bufsz += insz; } int test_new(BIO *b) { struct test_ctx *ctx = malloc(sizeof *ctx); if (!ctx) return 0; ctx->magic = kMagic; ctx->in = NULL; ctx->insz = 0; ctx->out = NULL; ctx->outsz = 0; b->init = 1; b->flags = 0; b->ptr = ctx; return 1; } int test_free(BIO *b) { struct test_ctx *ctx; if (!b || !b->ptr) return 1; ctx = bio_ctx(b); free(ctx->in); free(ctx->out); return 1; } int test_write(BIO *b, const char *buf, int sz) { struct test_ctx *ctx = bio_ctx(b); if (sz <= 0) return 0; buf_fill(&ctx->out, &ctx->outsz, (unsigned char *)buf, sz); return sz; } int test_read(BIO *b, char *buf, int sz) { struct test_ctx *ctx = bio_ctx(b); if (sz <= 0) return 0; return buf_drain(&ctx->in, &ctx->insz, (unsigned char *)buf, sz); } long test_ctrl(BIO *b, int cmd, long num, void *ptr) { return 0; } long test_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) { return 0; } BIO_METHOD test_methods = { BIO_TYPE_SOCKET, "test", test_write, test_read, NULL, NULL, test_ctrl, test_new, test_free, test_callback_ctrl, }; BIO_METHOD *BIO_s_test() { return &test_methods; } BIO API *BIO_new_test() { return BIO_new(BIO_s_test()); } size_t API BIO_test_output_left(BIO *b) { return bio_ctx(b)->outsz; } size_t API BIO_test_get_output(BIO *b, unsigned char *buf, size_t bufsz) { struct test_ctx *c = bio_ctx(b); return buf_drain(&c->out, &c->outsz, buf, bufsz); } void API BIO_test_add_input(BIO *b, const unsigned char *buf, size_t bufsz) { struct test_ctx *c = bio_ctx(b); return buf_fill(&c->in, &c->insz, buf, bufsz); } tlsdate-0.0.7/src/test-bio.h000066400000000000000000000010131230412117200156300ustar00rootroot00000000000000/* * test-bio.h - test BIO that stores reads/writes * * Copyright (c) 2012 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #ifndef TEST_BIO_H #define TEST_BIO_H #include BIO *BIO_new_test(); size_t BIO_test_output_left(BIO *b); size_t BIO_test_get_output(BIO *b, unsigned char *buf, size_t bufsz); void BIO_test_add_input(BIO *b, const unsigned char *buf, size_t bufsz); #endif /* !TEST_BIO_H */ tlsdate-0.0.7/src/test/000077500000000000000000000000001230412117200147155ustar00rootroot00000000000000tlsdate-0.0.7/src/test/proxy-override.c000066400000000000000000000004341230412117200200600ustar00rootroot00000000000000#include int main(int argc, char *argv[]) { int saw_good_proxy = 0; while (argc--) { if (!strcmp(argv[0], "socks5://good.proxy")) saw_good_proxy = 1; if (!strcmp(argv[0], "socks5://bad.proxy")) return 2; argv++; } return !saw_good_proxy; } tlsdate-0.0.7/src/test/return-argc.c000066400000000000000000000001261230412117200173110ustar00rootroot00000000000000/* return-argc.c - returns argc */ int main(int argc, char *argv[]) { return argc; } tlsdate-0.0.7/src/test/rotate.c000066400000000000000000000005261230412117200163620ustar00rootroot00000000000000#include int main(int argc, char *argv[]) { if (argc < 7) return 3; if ( !strcmp(argv[2], "host1") && !strcmp(argv[4], "port1") && !strcmp(argv[6], "proxy1")) return 1; if ( !strcmp(argv[2], "host2") && !strcmp(argv[4], "port2") && !strcmp(argv[6], "proxy2")) return 2; return 4; } tlsdate-0.0.7/src/test/sleep-wrap.c000066400000000000000000000002201230412117200171320ustar00rootroot00000000000000#include #include int main(int argc, char *argv[]) { if (argc < 2) return 1; sleep(atoi(argv[1])); return 0; } tlsdate-0.0.7/src/test_harness.h000066400000000000000000000351331230412117200166160ustar00rootroot00000000000000/* Copyright (c) 2011 The Chromium OS Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * * test_harness.h: simple C unit test helper. * * Usage: * #include "test_harness.h" * TEST(standalone_test) { * do_some_stuff; * EXPECT_GT(10, stuff) { * stuff_state_t state; * enumerate_stuff_state(&state); * TH_LOG("expectation failed with state: %s", state.msg); * } * more_stuff; * ASSERT_NE(some_stuff, NULL) TH_LOG("how did it happen?!"); * last_stuff; * EXPECT_EQ(0, last_stuff); * } * * FIXTURE(my_fixture) { * mytype_t *data; * int awesomeness_level; * }; * FIXTURE_SETUP(my_fixture) { * self->data = mytype_new(); * ASSERT_NE(NULL, self->data); * } * FIXTURE_TEARDOWN(my_fixture) { * mytype_free(self->data); * } * TEST_F(my_fixture, data_is_good) { * EXPECT_EQ(1, is_my_data_good(self->data)); * } * * TEST_HARNESS_MAIN * * API inspired by code.google.com/p/googletest */ #ifndef TEST_HARNESS_H_ #define TEST_HARNESS_H_ #ifndef _GNU_SOURCE #define _GNU_SOURCE #endif #include #include #include #include #include #include /* All exported functionality should be declared through this macro. */ #define TEST_API(x) _##x /* * Exported APIs */ /* TEST(name) { implementation } * Defines a test by name. * Names must be unique and tests must not be run in parallel. The * implementation containing block is a function and scoping should be treated * as such. Returning early may be performed with a bare "return;" statement. * * EXPECT_* and ASSERT_* are valid in a TEST() { } context. */ #define TEST TEST_API(TEST) /* FIXTURE(datatype name) { * type property1; * ... * }; * Defines the data provided to TEST_F()-defined tests as |self|. It should be * populated and cleaned up using FIXTURE_SETUP and FIXTURE_TEARDOWN. */ #define FIXTURE TEST_API(FIXTURE) /* FIXTURE_DATA(datatype name) * This call may be used when the type of the fixture data * is needed. In general, this should not be needed unless * the |self| is being passed to a helper directly. */ #define FIXTURE_DATA TEST_API(FIXTURE_DATA) /* FIXTURE_SETUP(fixture name) { implementation } * Populates the required "setup" function for a fixture. An instance of the * datatype defined with _FIXTURE_DATA will be exposed as |self| for the * implementation. * * ASSERT_* are valid for use in this context and will prempt the execution * of any dependent fixture tests. * * A bare "return;" statement may be used to return early. */ #define FIXTURE_SETUP TEST_API(FIXTURE_SETUP) /* FIXTURE_TEARDOWN(fixture name) { implementation } * Populates the required "teardown" function for a fixture. An instance of the * datatype defined with _FIXTURE_DATA will be exposed as |self| for the * implementation to clean up. * * A bare "return;" statement may be used to return early. */ #define FIXTURE_TEARDOWN TEST_API(FIXTURE_TEARDOWN) /* TEST_F(fixture, name) { implementation } * Defines a test that depends on a fixture (e.g., is part of a test case). * Very similar to TEST() except that |self| is the setup instance of fixture's * datatype exposed for use by the implementation. */ #define TEST_F TEST_API(TEST_F) /* Use once to append a main() to the test file. E.g., * TEST_HARNESS_MAIN */ #define TEST_HARNESS_MAIN TEST_API(TEST_HARNESS_MAIN) /* * Operators for use in TEST and TEST_F. * ASSERT_* calls will stop test execution immediately. * EXPECT_* calls will emit a failure warning, note it, and continue. */ /* ASSERT_EQ(expected, measured): expected == measured */ #define ASSERT_EQ TEST_API(ASSERT_EQ) /* ASSERT_NE(expected, measured): expected != measured */ #define ASSERT_NE TEST_API(ASSERT_NE) /* ASSERT_LT(expected, measured): expected < measured */ #define ASSERT_LT TEST_API(ASSERT_LT) /* ASSERT_LE(expected, measured): expected <= measured */ #define ASSERT_LE TEST_API(ASSERT_LE) /* ASSERT_GT(expected, measured): expected > measured */ #define ASSERT_GT TEST_API(ASSERT_GT) /* ASSERT_GE(expected, measured): expected >= measured */ #define ASSERT_GE TEST_API(ASSERT_GE) /* ASSERT_NULL(measured): NULL == measured */ #define ASSERT_NULL TEST_API(ASSERT_NULL) /* ASSERT_TRUE(measured): measured != 0 */ #define ASSERT_TRUE TEST_API(ASSERT_TRUE) /* ASSERT_FALSE(measured): measured == 0 */ #define ASSERT_FALSE TEST_API(ASSERT_FALSE) /* ASSERT_STREQ(expected, measured): !strcmp(expected, measured) */ #define ASSERT_STREQ TEST_API(ASSERT_STREQ) /* ASSERT_STRNE(expected, measured): strcmp(expected, measured) */ #define ASSERT_STRNE TEST_API(ASSERT_STRNE) /* EXPECT_EQ(expected, measured): expected == measured */ #define EXPECT_EQ TEST_API(EXPECT_EQ) /* EXPECT_NE(expected, measured): expected != measured */ #define EXPECT_NE TEST_API(EXPECT_NE) /* EXPECT_LT(expected, measured): expected < measured */ #define EXPECT_LT TEST_API(EXPECT_LT) /* EXPECT_LE(expected, measured): expected <= measured */ #define EXPECT_LE TEST_API(EXPECT_LE) /* EXPECT_GT(expected, measured): expected > measured */ #define EXPECT_GT TEST_API(EXPECT_GT) /* EXPECT_GE(expected, measured): expected >= measured */ #define EXPECT_GE TEST_API(EXPECT_GE) /* EXPECT_NULL(measured): NULL == measured */ #define EXPECT_NULL TEST_API(EXPECT_NULL) /* EXPECT_TRUE(measured): 0 != measured */ #define EXPECT_TRUE TEST_API(EXPECT_TRUE) /* EXPECT_FALSE(measured): 0 == measured */ #define EXPECT_FALSE TEST_API(EXPECT_FALSE) /* EXPECT_STREQ(expected, measured): !strcmp(expected, measured) */ #define EXPECT_STREQ TEST_API(EXPECT_STREQ) /* EXPECT_STRNE(expected, measured): strcmp(expected, measured) */ #define EXPECT_STRNE TEST_API(EXPECT_STRNE) /* TH_LOG(format, ...) * Optional debug logging function available for use in tests. * Logging may be enabled or disabled by defining TH_LOG_ENABLED. * E.g., #define TH_LOG_ENABLED 1 * If no definition is provided, logging is enabled by default. */ #define TH_LOG TEST_API(TH_LOG) /* * Internal implementation. * */ /* Utilities exposed to the test definitions */ #ifndef TH_LOG_STREAM # define TH_LOG_STREAM stderr #endif #ifndef TH_LOG_ENABLED # define TH_LOG_ENABLED 1 #endif #define _TH_LOG(fmt, ...) do { \ if (TH_LOG_ENABLED) \ __TH_LOG(fmt, ##__VA_ARGS__); \ } while (0) /* Unconditional logger for internal use. */ #define __TH_LOG(fmt, ...) \ fprintf(TH_LOG_STREAM, "%s:%d:%s:" fmt "\n", \ __FILE__, __LINE__, _metadata->name, ##__VA_ARGS__) /* Defines the test function and creates the registration stub. */ #define _TEST(test_name) \ static void test_name(struct __test_metadata *_metadata); \ static struct __test_metadata _##test_name##_object = \ { name: "global." #test_name, fn: &test_name }; \ static void __attribute__((constructor)) _register_##test_name(void) { \ __register_test(&_##test_name##_object); \ } \ static void test_name( \ struct __test_metadata __attribute__((unused)) *_metadata) /* Wraps the struct name so we have one less argument to pass around. */ #define _FIXTURE_DATA(fixture_name) struct _test_data_##fixture_name /* Called once per fixture to setup the data and register. */ #define _FIXTURE(fixture_name) \ static void __attribute__((constructor)) \ _register_##fixture_name##_data(void) { \ __fixture_count++; \ } \ _FIXTURE_DATA(fixture_name) /* Prepares the setup function for the fixture. |_metadata| is included * so that ASSERT_* work as a convenience. */ #define _FIXTURE_SETUP(fixture_name) \ void fixture_name##_setup( \ struct __test_metadata __attribute__((unused)) *_metadata, \ _FIXTURE_DATA(fixture_name) __attribute__((unused)) *self) #define _FIXTURE_TEARDOWN(fixture_name) \ void fixture_name##_teardown( \ struct __test_metadata __attribute__((unused)) *_metadata, \ _FIXTURE_DATA(fixture_name) __attribute__((unused)) *self) /* Emits test registration and helpers for fixture-based test * cases. * TODO(wad) register fixtures on dedicated test lists. */ #define _TEST_F(fixture_name, test_name) \ static void fixture_name##_##test_name( \ struct __test_metadata *_metadata, \ _FIXTURE_DATA(fixture_name) *self); \ static inline void wrapper_##fixture_name##_##test_name( \ struct __test_metadata *_metadata) { \ /* fixture data is allocated, setup, and torn down per call. */ \ _FIXTURE_DATA(fixture_name) self; \ memset(&self, 0, sizeof(_FIXTURE_DATA(fixture_name))); \ fixture_name##_setup(_metadata, &self); \ /* Let setup failure terminate early. */ \ if (!_metadata->passed) return; \ fixture_name##_##test_name(_metadata, &self); \ fixture_name##_teardown(_metadata, &self); \ } \ static struct __test_metadata _##fixture_name##_##test_name##_object = { \ name: #fixture_name "." #test_name, \ fn: &wrapper_##fixture_name##_##test_name, \ }; \ static void __attribute__((constructor)) \ _register_##fixture_name##_##test_name(void) { \ __register_test(&_##fixture_name##_##test_name##_object); \ } \ static void fixture_name##_##test_name( \ struct __test_metadata __attribute__((unused)) *_metadata, \ _FIXTURE_DATA(fixture_name) __attribute__((unused)) *self) /* Exports a simple wrapper to run the test harness. */ #define _TEST_HARNESS_MAIN \ int main(int argc, char **argv) { return test_harness_run(argc, argv); } #define _ASSERT_EQ(_expected, _seen) \ __EXPECT(_expected, _seen, ==, 1) #define _ASSERT_NE(_expected, _seen) \ __EXPECT(_expected, _seen, !=, 1) #define _ASSERT_LT(_expected, _seen) \ __EXPECT(_expected, _seen, <, 1) #define _ASSERT_LE(_expected, _seen) \ __EXPECT(_expected, _seen, <=, 1) #define _ASSERT_GT(_expected, _seen) \ __EXPECT(_expected, _seen, >, 1) #define _ASSERT_GE(_expected, _seen) \ __EXPECT(_expected, _seen, >=, 1) #define _ASSERT_NULL(_seen) \ __EXPECT(NULL, _seen, ==, 1) #define _ASSERT_TRUE(_seen) \ _ASSERT_NE(0, _seen) #define _ASSERT_FALSE(_seen) \ _ASSERT_EQ(0, _seen) #define _ASSERT_STREQ(_expected, _seen) \ __EXPECT_STR(_expected, _seen, ==, 1) #define _ASSERT_STRNE(_expected, _seen) \ __EXPECT_STR(_expected, _seen, !=, 1) #define _EXPECT_EQ(_expected, _seen) \ __EXPECT(_expected, _seen, ==, 0) #define _EXPECT_NE(_expected, _seen) \ __EXPECT(_expected, _seen, !=, 0) #define _EXPECT_LT(_expected, _seen) \ __EXPECT(_expected, _seen, <, 0) #define _EXPECT_LE(_expected, _seen) \ __EXPECT(_expected, _seen, <=, 0) #define _EXPECT_GT(_expected, _seen) \ __EXPECT(_expected, _seen, >, 0) #define _EXPECT_GE(_expected, _seen) \ __EXPECT(_expected, _seen, >=, 0) #define _EXPECT_NULL(_seen) \ __EXPECT(NULL, _seen, ==, 0) #define _EXPECT_TRUE(_seen) \ _EXPECT_NE(0, _seen) #define _EXPECT_FALSE(_seen) \ _EXPECT_EQ(0, _seen) #define _EXPECT_STREQ(_expected, _seen) \ __EXPECT_STR(_expected, _seen, ==, 0) #define _EXPECT_STRNE(_expected, _seen) \ __EXPECT_STR(_expected, _seen, !=, 0) /* Support an optional handler after and ASSERT_* or EXPECT_*. The approach is * not thread-safe, but it should be fine in most sane test scenarios. * * Using __bail(), which optionally abort()s, is the easiest way to early * return while still providing an optional block to the API consumer. */ #define OPTIONAL_HANDLER(_assert) \ for (; _metadata->trigger; _metadata->trigger = __bail(_assert)) #define __EXPECT(_expected, _seen, _t, _assert) do { \ /* Avoid multiple evaluation of the cases */ \ __typeof__(_expected) __exp = (_expected); \ __typeof__(_seen) __seen = (_seen); \ if (!(__exp _t __seen)) { \ unsigned long long __exp_print = 0; \ unsigned long long __seen_print = 0; \ /* Avoid casting complaints the scariest way we can. */ \ memcpy(&__exp_print, &__exp, sizeof(__exp)); \ memcpy(&__seen_print, &__seen, sizeof(__seen)); \ __TH_LOG("Expected %s (%llu) %s %s (%llu)", \ #_expected, __exp_print, #_t, \ #_seen, __seen_print); \ _metadata->passed = 0; \ /* Ensure the optional handler is triggered */ \ _metadata->trigger = 1; \ } \ } while (0); OPTIONAL_HANDLER(_assert) #define __EXPECT_STR(_expected, _seen, _t, _assert) do { \ const char *__exp = (_expected); \ const char *__seen = (_seen); \ if (!(strcmp(__exp, __seen) _t 0)) { \ __TH_LOG("Expected '%s' %s '%s'.", __exp, #_t, __seen); \ _metadata->passed = 0; \ _metadata->trigger = 1; \ } \ } while (0); OPTIONAL_HANDLER(_assert) /* Contains all the information for test execution and status checking. */ struct __test_metadata { const char *name; void (*fn)(struct __test_metadata *); int passed; int trigger; /* extra handler after the evaluation */ struct __test_metadata *prev, *next; }; /* Storage for the (global) tests to be run. */ static struct __test_metadata *__test_list = NULL; static unsigned int __test_count = 0; static unsigned int __fixture_count = 0; static inline void __register_test(struct __test_metadata *t) { __test_count++; /* Circular linked list where only prev is circular. */ if (__test_list == NULL) { __test_list = t; t->next = NULL; t->prev = t; return; } t->next = NULL; t->prev = __test_list->prev; t->prev->next = t; __test_list->prev = t; } static inline int __bail(int for_realz) { if (for_realz) abort(); return 0; } static int test_harness_run(int __attribute__((unused)) argc, char __attribute__((unused)) **argv) { struct __test_metadata *t; int ret = 0; unsigned int count = 0; /* TODO(wad) add optional arguments similar to gtest. */ printf("[==========] Running %u tests from %u test cases.\n", __test_count, __fixture_count + 1); for (t = __test_list; t; t = t->next) { pid_t child_pid; int status; count++; t->passed = 1; t->trigger = 0; printf("[ RUN ] %s\n", t->name); child_pid = fork(); if (child_pid < 0) { printf("ERROR SPAWNING TEST CHILD\n"); t->passed = 0; } else if (child_pid == 0) { t->fn(t); _exit(t->passed); } else { /* TODO(wad) add timeout support. */ waitpid(child_pid, &status, 0); if (WIFEXITED(status)) t->passed = WEXITSTATUS(status); if (WIFSIGNALED(status)) { t->passed = 0; fprintf(TH_LOG_STREAM, "%s: Test terminated unexpectedly by signal %d\n", t->name, WTERMSIG(status)); } } printf("[ %4s ] %s\n", (t->passed ? "OK" : "FAIL"), t->name); if (!t->passed) ret = 1; } /* TODO(wad) organize by fixtures since ordering is not guaranteed now. */ printf("[==========] %u tests ran.\n", count); printf("[ %s ]\n", (ret ? "FAILED" : "PASSED")); return ret; } #endif /* TEST_HARNESS_H_ */ tlsdate-0.0.7/src/tlsdate-dbus-announce.c000066400000000000000000000016431230412117200203050ustar00rootroot00000000000000/* * tlsdate-dbus-announce.c - announce date change on dbus * Copyright (c) 2012 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #include "config.h" #ifdef HAVE_DBUS #include #include int main(void) { DBusConnection *conn = NULL; DBusMessage *msg = NULL; DBusError error; uint32_t ignored; dbus_error_init(&error); conn = dbus_bus_get(DBUS_BUS_SYSTEM, &error); if (!conn) return 1; if (dbus_bus_request_name(conn, "org.torproject.tlsdate", 0, &error) < 0) return 1; msg = dbus_message_new_signal("/org/torproject/tlsdate", "org.torproject.tlsdate", "TimeUpdated"); if (!msg) return 1; if (!dbus_connection_send(conn, msg, &ignored)) return 1; dbus_connection_flush(conn); dbus_message_unref(msg); return 0; } #else int main(void) { return 2; } #endif tlsdate-0.0.7/src/tlsdate-helper-plan9.c000066400000000000000000001061221230412117200200420ustar00rootroot00000000000000/* Copyright (c) 2012, Jacob Appelbaum. * Copyright (c) 2012, The Tor Project, Inc. * Copyright (c) 2012, Christian Grothoff. */ /* See LICENSE for licensing information */ /* This file contains the license for tlsdate, a free software project to set your system clock securely. It also lists the licenses for other components used by tlsdate. For more information about tlsdate, see https://github.com/ioerror/tlsdate If you got this file as a part of a larger bundle, there may be other license terms that you should be aware of. =============================================================================== tlsdate is distributed under this license: Copyright (c) 2011-2012, Jacob Appelbaum Copyright (c) 2011-2012, The Tor Project, Inc. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the names of the copyright owners nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. =============================================================================== If you got tlsdate as a static binary with OpenSSL included, then you should know: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)" =============================================================================== */ /** * \file tlsdate-helper.c * \brief Helper program that does the actual work of setting the system clock. **/ /* * tlsdate is a tool for setting the system clock by hand or by communication * with the network. It does not set the RTC. It is designed to be as secure as * TLS (RFC 2246) but of course the security of TLS is often reduced to * whichever CA racket you believe is trustworthy. By default, tlsdate trusts * your local CA root store - so any of these companies could assist in a MITM * attack against you and you'd be screwed. * This tool is designed to be run by hand or as a system daemon. It must be * run as root or otherwise have the proper caps; it will not be able to set * the system time without running as root or another privileged user. */ #include "config.h" #include "src/tlsdate-helper-plan9.h" #ifndef USE_POLARSSL #include "src/proxy-bio-plan9.h" #else #include "src/proxy-polarssl.h" #endif #include "src/compat/clock-plan9.h" #ifndef MAP_ANONYMOUS #define MAP_ANONYMOUS MAP_ANON #endif #ifdef USE_POLARSSL #include "polarssl/entropy.h" #include "polarssl/ctr_drbg.h" #include "polarssl/ssl.h" #endif static void validate_proxy_scheme(const char *scheme) { if (!strcmp(scheme, "http")) return; if (!strcmp(scheme, "socks4")) return; if (!strcmp(scheme, "socks5")) return; die("invalid proxy scheme\n"); } static void validate_proxy_host(const char *host) { const char *kValid = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz" "0123456789" ".-"; if (strspn(host, kValid) != strlen(host)) die("invalid char in host\n"); } static void validate_proxy_port(const char *port) { while (*port) if (!isdigit(*port++)) die("invalid char in port\n"); } static void parse_proxy_uri(char *proxy, char **scheme, char **host, char **port) { /* Expecting a URI, so: '://' ':' */ *scheme = proxy; proxy = strstr(proxy, "://"); if (!proxy) die("malformed proxy URI\n"); *proxy = '\0'; /* terminate scheme string */ proxy += strlen("://"); *host = proxy; proxy = strchr(proxy, ':'); if (!proxy) die("malformed proxy URI\n"); *proxy++ = '\0'; *port = proxy; validate_proxy_scheme(*scheme); validate_proxy_host(*host); validate_proxy_port(*port); } #ifndef USE_POLARSSL static void setup_proxy(BIO *ssl) { BIO *bio; char *scheme; char *proxy_host; char *proxy_port; if (!proxy) return; /* * grab the proxy's host and port out of the URI we have for it. We want the * underlying connect BIO to connect to this, not the target host and port, so * we squirrel away the target host and port in the proxy BIO (as the proxy * target) and swap out the connect BIO's target host and port so it'll * connect to the proxy instead. */ parse_proxy_uri(proxy, &scheme, &proxy_host, &proxy_port); bio = BIO_new_proxy(); BIO_proxy_set_type(bio, scheme); BIO_proxy_set_host(bio, host); BIO_proxy_set_port(bio, atoi(port)); host = proxy_host; port = proxy_port; BIO_push(ssl, bio); } static BIO * make_ssl_bio(SSL_CTX *ctx) { BIO *con = NULL; BIO *ssl = NULL; if (!(con = BIO_new(BIO_s_connect()))) die("BIO_s_connect failed\n"); if (!(ssl = BIO_new_ssl(ctx, 1))) die("BIO_new_ssl failed\n"); setup_proxy(ssl); BIO_push(ssl, con); return ssl; } /** helper function for 'malloc' */ static void * xmalloc (size_t size) { void *ptr; if (0 == size) die("xmalloc: zero size\n"); ptr = malloc(size); if (NULL == ptr) die("xmalloc: out of memory (allocating %zu bytes)\n", size); return ptr; } /** helper function for 'free' */ static void xfree (void *ptr) { if (NULL == ptr) die("xfree: NULL pointer given as argument\n"); free(ptr); } void openssl_time_callback (const SSL* ssl, int where, int ret) { if (where == SSL_CB_CONNECT_LOOP && (ssl->state == SSL3_ST_CR_SRVR_HELLO_A || ssl->state == SSL3_ST_CR_SRVR_HELLO_B)) { /* // XXX TODO: If we want to trust the remote system for time, // can we just read that time out of the remote system and if the // cert verifies, decide that the time is reasonable? // Such a process seems to indicate that a once valid cert would be // forever valid - we stopgap that by ensuring it isn't less than // the latest compiled_time and isn't above max_reasonable_time... // XXX TODO: Solve eternal question about the Chicken and the Egg... */ uint32_t compiled_time = RECENT_COMPILE_DATE; uint32_t max_reasonable_time = MAX_REASONABLE_TIME; uint32_t server_time; verb("V: freezing time for x509 verification\n"); memcpy(&server_time, ssl->s3->server_random, sizeof(uint32_t)); if (compiled_time < ntohl(server_time) && ntohl(server_time) < max_reasonable_time) { verb("V: remote peer provided: %d, preferred over compile time: %d\n", ntohl(server_time), compiled_time); verb("V: freezing time with X509_VERIFY_PARAM_set_time\n"); X509_VERIFY_PARAM_set_time(ssl->ctx->cert_store->param, (time_t) ntohl(server_time) + 86400); } else { die("V: the remote server is a false ticker! server: %d compile: %d\n", ntohl(server_time), compiled_time); } } } uint32_t get_certificate_keybits (EVP_PKEY *public_key) { /* In theory, we could use check_bitlen_dsa() and check_bitlen_rsa() */ uint32_t key_bits; switch (public_key->type) { case EVP_PKEY_RSA: verb("V: key type: EVP_PKEY_RSA\n"); key_bits = BN_num_bits(public_key->pkey.rsa->n); break; case EVP_PKEY_RSA2: verb("V: key type: EVP_PKEY_RSA2\n"); key_bits = BN_num_bits(public_key->pkey.rsa->n); break; case EVP_PKEY_DSA: verb("V: key type: EVP_PKEY_DSA\n"); key_bits = BN_num_bits(public_key->pkey.dsa->p); break; case EVP_PKEY_DSA1: verb("V: key type: EVP_PKEY_DSA1\n"); key_bits = BN_num_bits(public_key->pkey.dsa->p); break; case EVP_PKEY_DSA2: verb("V: key type: EVP_PKEY_DSA2\n"); key_bits = BN_num_bits(public_key->pkey.dsa->p); break; case EVP_PKEY_DSA3: verb("V: key type: EVP_PKEY_DSA3\n"); key_bits = BN_num_bits(public_key->pkey.dsa->p); break; case EVP_PKEY_DSA4: verb("V: key type: EVP_PKEY_DSA4\n"); key_bits = BN_num_bits(public_key->pkey.dsa->p); break; case EVP_PKEY_DH: verb("V: key type: EVP_PKEY_DH\n"); key_bits = BN_num_bits(public_key->pkey.dh->pub_key); break; case EVP_PKEY_EC: verb("V: key type: EVP_PKEY_EC\n"); key_bits = EVP_PKEY_bits(public_key); break; // Should we also care about EVP_PKEY_HMAC and EVP_PKEY_CMAC? default: key_bits = 0; die ("unknown public key type\n"); break; } verb ("V: keybits: %d\n", key_bits); return key_bits; } uint32_t dns_label_count(char *label, char *delim) { char *label_tmp; char *saveptr; char *saveptr_tmp; uint32_t label_count; label_tmp = strdup(label); label_count = 0; saveptr = NULL; saveptr_tmp = NULL; saveptr = strtok_r(label_tmp, delim, &saveptr); if (NULL != saveptr) { // Did we find our first label? if (saveptr[0] != delim[0]) { label_count++; verb ("V: label found; total label count: %d\n", label_count); } do { // Find all subsequent labels label_count++; saveptr_tmp = strtok_r(NULL, delim, &saveptr); verb ("V: label found; total label count: %d\n", label_count); } while (NULL != saveptr_tmp); } free(label_tmp); return label_count; } // first we split strings on '.' // then we call each split string a 'label' // Do not allow '*' for the top level domain label; eg never allow *.*.com // Do not allow '*' for subsequent subdomains; eg never allow *.foo.example.com // Do allow *.example.com uint32_t check_wildcard_match_rfc2595 (const char *orig_hostname, const char *orig_cert_wild_card) { char *hostname; char *hostname_to_free; char *cert_wild_card; char *cert_wild_card_to_free; char *expected_label; char *wildcard_label; char *delim; char *wildchar; uint32_t ok; uint32_t wildcard_encountered; uint32_t label_count; // First we copy the original strings hostname = strdup(orig_hostname); cert_wild_card = strdup(orig_cert_wild_card); hostname_to_free = hostname; cert_wild_card_to_free = cert_wild_card; delim = strdup("."); wildchar = strdup("*"); verb ("V: Inspecting '%s' for possible wildcard match against '%s'\n", hostname, cert_wild_card); // By default we have not processed any labels label_count = dns_label_count(cert_wild_card, delim); // By default we have no match ok = 0; wildcard_encountered = 0; // First - do we have labels? If not, we refuse to even try to match if ((NULL != strpbrk(cert_wild_card, delim)) && (NULL != strpbrk(hostname, delim)) && (label_count <= ((uint32_t)RFC2595_MIN_LABEL_COUNT))) { if (wildchar[0] == cert_wild_card[0]) { verb ("V: Found wildcard in at start of provided certificate name\n"); do { // Skip over the bytes between the first char and until the next label wildcard_label = strtok(cert_wild_card, delim); expected_label = strtok(hostname, delim); if (NULL != wildcard_label && NULL != expected_label && NULL != hostname && NULL != cert_wild_card) { // Now we only consider this wildcard valid if the rest of the // hostnames match verbatim verb ("V: Attempting match of '%s' against '%s'\n", expected_label, wildcard_label); // This is the case where we have a label that begins with wildcard // Furthermore, we only allow this for the first label if (wildcard_label[0] == wildchar[0] && 0 == wildcard_encountered && 0 == ok) { verb ("V: Forced match of '%s' against '%s'\n", expected_label, wildcard_label); wildcard_encountered = 1; } else { verb ("V: Attempting match of '%s' against '%s'\n", hostname, cert_wild_card); if (0 == strcasecmp (expected_label, wildcard_label) && label_count >= ((uint32_t)RFC2595_MIN_LABEL_COUNT)) { ok = 1; verb ("V: remaining labels match!\n"); break; } else { ok = 0; verb ("V: remaining labels do not match!\n"); break; } } } else { // We hit this case when we have a mismatched number of labels verb("V: NULL label; no wildcard here\n"); break; } } while (0 != wildcard_encountered && label_count <= RFC2595_MIN_LABEL_COUNT); } else { verb ("V: Not a RFC 2595 wildcard\n"); } } else { verb ("V: Not a valid wildcard certificate\n"); ok = 0; } // Free our copies free(wildchar); free(delim); free(hostname_to_free); free(cert_wild_card_to_free); if (wildcard_encountered & ok && label_count >= RFC2595_MIN_LABEL_COUNT) { verb ("V: wildcard match of %s against %s\n", orig_hostname, orig_cert_wild_card); return (wildcard_encountered & ok); } else { verb ("V: wildcard match failure of %s against %s\n", orig_hostname, orig_cert_wild_card); return 0; } } #endif #ifndef USE_POLARSSL /** This extracts the first commonName and checks it against hostname. */ uint32_t check_cn (SSL *ssl, const char *hostname) { int ok = 0; int ret; char *cn_buf; X509 *certificate; X509_NAME *xname; // We cast this to cast away g++ complaining about the following: // error: invalid conversion from ‘void*’ to ‘char*’ cn_buf = (char *) xmalloc(TLSDATE_HOST_NAME_MAX + 1); certificate = SSL_get_peer_certificate(ssl); if (NULL == certificate) { die ("Unable to extract certificate\n"); } memset(cn_buf, '\0', (TLSDATE_HOST_NAME_MAX + 1)); xname = X509_get_subject_name(certificate); ret = X509_NAME_get_text_by_NID(xname, NID_commonName, cn_buf, TLSDATE_HOST_NAME_MAX); if (-1 == ret || ret != (int) strlen(cn_buf)) { die ("Unable to extract commonName\n"); } if (strcasecmp(cn_buf, hostname)) { verb ("V: commonName mismatch! Expected: %s - received: %s\n", hostname, cn_buf); } else { verb ("V: commonName matched: %s\n", cn_buf); ok = 1; } X509_NAME_free(xname); X509_free(certificate); xfree(cn_buf); return ok; } /** Search for a hostname match in the SubjectAlternativeNames. */ uint32_t check_san (SSL *ssl, const char *hostname) { X509 *cert; int extcount, ok = 0; /* What an OpenSSL mess ... */ if (NULL == (cert = SSL_get_peer_certificate(ssl))) { die ("Getting certificate failed\n"); } if ((extcount = X509_get_ext_count(cert)) > 0) { int i; for (i = 0; i < extcount; ++i) { const char *extstr; X509_EXTENSION *ext; ext = X509_get_ext(cert, i); extstr = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ext))); if (!strcmp(extstr, "subjectAltName")) { int j; void *extvalstr; const unsigned char *tmp; STACK_OF(CONF_VALUE) *val; CONF_VALUE *nval; #if OPENSSL_VERSION_NUMBER >= 0x10000000L const #endif X509V3_EXT_METHOD *method; if (!(method = X509V3_EXT_get(ext))) { break; } tmp = ext->value->data; if (method->it) { extvalstr = ASN1_item_d2i(NULL, &tmp, ext->value->length, ASN1_ITEM_ptr(method->it)); } else { extvalstr = method->d2i(NULL, &tmp, ext->value->length); } if (!extvalstr) { break; } if (method->i2v) { val = method->i2v(method, extvalstr, NULL); for (j = 0; j < sk_CONF_VALUE_num(val); ++j) { nval = sk_CONF_VALUE_value(val, j); if ((!strcasecmp(nval->name, "DNS") && !strcasecmp(nval->value, hostname) ) || (!strcasecmp(nval->name, "iPAddress") && !strcasecmp(nval->value, hostname))) { verb ("V: subjectAltName matched: %s, type: %s\n", nval->value, nval->name); /* We matched this; so it's safe to print */ ok = 1; break; } // Attempt to match subjectAltName DNS names if (!strcasecmp(nval->name, "DNS")) { ok = check_wildcard_match_rfc2595(hostname, nval->value); if (ok) { break; } } verb ("V: subjectAltName found but not matched: %s, type: %s\n", nval->value, nval->name); // XXX: Clean this string! } } } else { verb ("V: found non subjectAltName extension\n"); } if (ok) { break; } } } else { verb ("V: no X509_EXTENSION field(s) found\n"); } X509_free(cert); return ok; } uint32_t check_name (SSL *ssl, const char *hostname) { uint32_t ret; ret = check_cn(ssl, hostname); ret += check_san(ssl, hostname); if (0 != ret && 0 < ret) { verb ("V: hostname verification passed\n"); } else { die ("hostname verification failed for host %s!\n", host); } return ret; } #endif #ifdef USE_POLARSSL uint32_t verify_signature (ssl_context *ssl, const char *hostname) { int ssl_verify_result; ssl_verify_result = ssl_get_verify_result (ssl); if (ssl_verify_result & BADCERT_EXPIRED) { die ("certificate has expired\n"); } if (ssl_verify_result & BADCERT_REVOKED) { die ("certificate has been revoked\n"); } if (ssl_verify_result & BADCERT_CN_MISMATCH) { die ("CN and subject AltName mismatch for certificate\n"); } if (ssl_verify_result & BADCERT_NOT_TRUSTED) { die ("certificate is self-signed or not signed by a trusted CA\n"); } if (0 == ssl_verify_result) { verb ("V: verify success\n"); } else { die ("certificate verification error: -0x%04x\n", -ssl_verify_result); } return 0; } #else uint32_t verify_signature (SSL *ssl, const char *hostname) { long ssl_verify_result; X509 *certificate; certificate = SSL_get_peer_certificate(ssl); if (NULL == certificate) { die ("Getting certificate failed\n"); } // In theory, we verify that the cert is valid ssl_verify_result = SSL_get_verify_result(ssl); switch (ssl_verify_result) { case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: die ("certificate is self signed\n"); case X509_V_OK: verb ("V: certificate verification passed\n"); break; default: die ("certification verification error: %ld\n", ssl_verify_result); } return 0; } #endif #ifdef USE_POLARSSL void check_key_length (ssl_context *ssl) { uint32_t key_bits; const x509_cert *certificate; const rsa_context *public_key; char buf[1024]; certificate = ssl_get_peer_cert (ssl); if (NULL == certificate) { die ("Getting certificate failed\n"); } x509parse_dn_gets(buf, 1024, &certificate->subject); verb ("V: Certificate for subject '%s'\n", buf); public_key = &certificate->rsa; if (NULL == public_key) { die ("public key extraction failure\n"); } else { verb ("V: public key is ready for inspection\n"); } key_bits = mpi_msb (&public_key->N); if (MIN_PUB_KEY_LEN >= key_bits) { die ("Unsafe public key size: %d bits\n", key_bits); } else { verb ("V: key length appears safe\n"); } } #else void check_key_length (SSL *ssl) { uint32_t key_bits; X509 *certificate; EVP_PKEY *public_key; certificate = SSL_get_peer_certificate (ssl); if (NULL == certificate) { die ("Getting certificate failed\n"); } public_key = X509_get_pubkey (certificate); if (NULL == public_key) { die ("public key extraction failure\n"); } else { verb ("V: public key is ready for inspection\n"); } key_bits = get_certificate_keybits (public_key); if (MIN_PUB_KEY_LEN >= key_bits && public_key->type != EVP_PKEY_EC) { die ("Unsafe public key size: %d bits\n", key_bits); } else { if (public_key->type == EVP_PKEY_EC) if(key_bits >= MIN_ECC_PUB_KEY_LEN && key_bits <= MAX_ECC_PUB_KEY_LEN) { verb ("V: ECC key length appears safe\n"); } else { die ("Unsafe ECC key size: %d bits\n", key_bits); } else { verb ("V: key length appears safe\n"); } } EVP_PKEY_free (public_key); } #endif #ifdef USE_POLARSSL void inspect_key (ssl_context *ssl, const char *hostname) { verify_signature (ssl, hostname); // ssl_get_verify_result() already checks for CN / subjectAltName match // and reports the mismatch as error. So check_name() is not called } #else void inspect_key (SSL *ssl, const char *hostname) { verify_signature (ssl, hostname); check_name (ssl, hostname); } #endif #ifdef USE_POLARSSL void check_timestamp (uint32_t server_time) { uint32_t compiled_time = RECENT_COMPILE_DATE; uint32_t max_reasonable_time = MAX_REASONABLE_TIME; if (compiled_time < server_time && server_time < max_reasonable_time) { verb("V: remote peer provided: %d, preferred over compile time: %d\n", server_time, compiled_time); } else { die("V: the remote server is a false ticker! server: %d compile: %d\n", server_time, compiled_time); } } static int ssl_do_handshake_part(ssl_context *ssl) { int ret = 0; /* Only do steps till ServerHello is received */ while (ssl->state != SSL_SERVER_HELLO) { ret = ssl_handshake_step (ssl); if (0 != ret) { die("SSL handshake failed\n"); } } /* Do ServerHello so we can skim the timestamp */ ret = ssl_handshake_step (ssl); if (0 != ret) { die("SSL handshake failed\n"); } return 0; } /** * Run SSL handshake and store the resulting time value in the * 'time_map'. * * @param time_map where to store the current time */ static void run_ssl (uint32_t *time_map, int time_is_an_illusion) { entropy_context entropy; ctr_drbg_context ctr_drbg; ssl_context ssl; proxy_polarssl_ctx proxy_ctx; x509_cert cacert; struct stat statbuf; int ret = 0, server_fd = 0; char *pers = "tlsdate-helper"; memset (&ssl, 0, sizeof(ssl_context)); memset (&cacert, 0, sizeof(x509_cert)); verb("V: Using PolarSSL for SSL\n"); if (ca_racket) { if (-1 == stat (ca_cert_container, &statbuf)) { die("Unable to stat CA certficate container %s\n", ca_cert_container); } else { switch (statbuf.st_mode & S_IFMT) { case S_IFREG: if (0 > x509parse_crtfile(&cacert, ca_cert_container)) fprintf(stderr, "x509parse_crtfile failed\n"); break; case S_IFDIR: if (0 > x509parse_crtpath(&cacert, ca_cert_container)) fprintf(stderr, "x509parse_crtpath failed\n"); break; default: die("Unable to load CA certficate container %s\n", ca_cert_container); } } } entropy_init (&entropy); if (0 != ctr_drbg_init (&ctr_drbg, entropy_func, &entropy, (unsigned char *) pers, strlen(pers))) { die("Failed to initialize CTR_DRBG\n"); } if (0 != ssl_init (&ssl)) { die("SSL initialization failed\n"); } ssl_set_endpoint (&ssl, SSL_IS_CLIENT); ssl_set_rng (&ssl, ctr_drbg_random, &ctr_drbg); ssl_set_ca_chain (&ssl, &cacert, NULL, hostname_to_verify); if (ca_racket) { // You can do SSL_VERIFY_REQUIRED here, but then the check in // inspect_key() never happens as the ssl_handshake() will fail. ssl_set_authmode (&ssl, SSL_VERIFY_OPTIONAL); } if (proxy) { char *scheme; char *proxy_host; char *proxy_port; parse_proxy_uri (proxy, &scheme, &proxy_host, &proxy_port); verb("V: opening socket to proxy %s:%s\n", proxy_host, proxy_port); if (0 != net_connect (&server_fd, proxy_host, atoi(proxy_port))) { die ("SSL connection failed\n"); } proxy_polarssl_init (&proxy_ctx); proxy_polarssl_set_bio (&proxy_ctx, net_recv, &server_fd, net_send, &server_fd); proxy_polarssl_set_host (&proxy_ctx, host); proxy_polarssl_set_port (&proxy_ctx, atoi(port)); proxy_polarssl_set_scheme (&proxy_ctx, scheme); ssl_set_bio (&ssl, proxy_polarssl_recv, &proxy_ctx, proxy_polarssl_send, &proxy_ctx); verb("V: Handle proxy connection\n"); if (0 == proxy_ctx.f_connect (&proxy_ctx)) die("Proxy connection failed\n"); } else { verb("V: opening socket to %s:%s\n", host, port); if (0 != net_connect (&server_fd, host, atoi(port))) { die ("SSL connection failed\n"); } ssl_set_bio (&ssl, net_recv, &server_fd, net_send, &server_fd); } verb("V: starting handshake\n"); if (0 != ssl_do_handshake_part (&ssl)) die("SSL handshake first part failed\n"); uint32_t timestamp = ( (uint32_t) ssl.in_msg[6] << 24 ) | ( (uint32_t) ssl.in_msg[7] << 16 ) | ( (uint32_t) ssl.in_msg[8] << 8 ) | ( (uint32_t) ssl.in_msg[9] ); check_timestamp (timestamp); verb("V: continuing handshake\n"); /* Continue with handshake */ while (0 != (ret = ssl_handshake (&ssl))) { if (POLARSSL_ERR_NET_WANT_READ != ret && POLARSSL_ERR_NET_WANT_WRITE != ret) { die("SSL handshake failed\n"); } } // Verify the peer certificate against the CA certs on the local system if (ca_racket) { inspect_key (&ssl, hostname_to_verify); } else { verb ("V: Certificate verification skipped!\n"); } check_key_length (&ssl); memcpy (time_map, ×tamp, sizeof(uint32_t)); proxy_polarssl_free (&proxy_ctx); ssl_free (&ssl); x509_free (&cacert); } #else /* USE_POLARSSL */ /** * Run SSL handshake and store the resulting time value in the * 'time_map'. * * @param time_map where to store the current time */ static void run_ssl (uint32_t *time_map, int time_is_an_illusion) { BIO *s_bio; SSL_CTX *ctx; SSL *ssl; struct stat statbuf; SSL_load_error_strings(); SSL_library_init(); ctx = NULL; if (0 == strcmp("sslv23", protocol)) { verb ("V: using SSLv23_client_method()\n"); ctx = SSL_CTX_new(SSLv23_client_method()); } else if (0 == strcmp("sslv3", protocol)) { verb ("V: using SSLv3_client_method()\n"); ctx = SSL_CTX_new(SSLv3_client_method()); } else if (0 == strcmp("tlsv1", protocol)) { verb ("V: using TLSv1_client_method()\n"); ctx = SSL_CTX_new(TLSv1_client_method()); } else die("Unsupported protocol `%s'\n", protocol); if (ctx == NULL) die("OpenSSL failed to support protocol `%s'\n", protocol); verb("V: Using OpenSSL for SSL\n"); if (ca_racket) { if (-1 == stat(ca_cert_container, &statbuf)) { die("Unable to stat CA certficate container %s\n", ca_cert_container); } else { switch (statbuf.st_mode & S_IFMT) { case S_IFREG: if (1 != SSL_CTX_load_verify_locations(ctx, ca_cert_container, NULL)) fprintf(stderr, "SSL_CTX_load_verify_locations failed\n"); break; case S_IFDIR: if (1 != SSL_CTX_load_verify_locations(ctx, NULL, ca_cert_container)) fprintf(stderr, "SSL_CTX_load_verify_locations failed\n"); break; default: if (1 != SSL_CTX_load_verify_locations(ctx, NULL, ca_cert_container)) { fprintf(stderr, "SSL_CTX_load_verify_locations failed\n"); die("Unable to load CA certficate container %s\n", ca_cert_container); } } } } if (NULL == (s_bio = make_ssl_bio(ctx))) die ("SSL BIO setup failed\n"); BIO_get_ssl(s_bio, &ssl); if (NULL == ssl) die ("SSL setup failed\n"); if (time_is_an_illusion) { SSL_set_info_callback(ssl, openssl_time_callback); } SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); verb("V: opening socket to %s:%s\n", host, port); if ( (1 != BIO_set_conn_hostname(s_bio, host)) || (1 != BIO_set_conn_port(s_bio, port)) ) die ("Failed to initialize connection to `%s:%s'\n", host, port); if (NULL == BIO_new_fp(stdout, BIO_NOCLOSE)) die ("BIO_new_fp returned error, possibly: %s", strerror(errno)); // This should run in seccomp // eg: prctl(PR_SET_SECCOMP, 1); if (1 != BIO_do_connect(s_bio)) /* XXX TODO: BIO_should_retry() later? */ die ("SSL connection failed\n"); if (1 != BIO_do_handshake(s_bio)) die ("SSL handshake failed\n"); // Verify the peer certificate against the CA certs on the local system if (ca_racket) { inspect_key (ssl, hostname_to_verify); } else { verb ("V: Certificate verification skipped!\n"); } check_key_length(ssl); // from /usr/include/openssl/ssl3.h // ssl->s3->server_random is an unsigned char of 32 bits memcpy(time_map, ssl->s3->server_random, sizeof (uint32_t)); SSL_free(ssl); SSL_CTX_free(ctx); } #endif /* USE_POLARSSL */ /** drop root rights and become 'nobody' */ int main(int argc, char **argv) { uint32_t *time_map; struct tlsdate_time start_time, end_time, warp_time; int status; pid_t ssl_child; long long rt_time_ms; uint32_t server_time_s; int setclock; int showtime; int timewarp; int leap; if (argc != 12) return 1; host = argv[1]; hostname_to_verify = argv[1]; port = argv[2]; protocol = argv[3]; ca_cert_container = argv[6]; ca_racket = (0 != strcmp ("unchecked", argv[4])); verbose = (0 != strcmp ("quiet", argv[5])); setclock = (0 == strcmp ("setclock", argv[7])); showtime = (0 == strcmp ("showtime", argv[8])); timewarp = (0 == strcmp ("timewarp", argv[9])); leap = (0 == strcmp ("leapaway", argv[10])); proxy = (0 == strcmp ("none", argv[11]) ? NULL : argv[11]); if (timewarp) { verb ("V: RECENT_COMPILE_DATE is %lu.%06lu\n", (unsigned long) CLOCK_SEC(&warp_time), (unsigned long) CLOCK_USEC(&warp_time)); if (1 == setclock) { clock_init_time(&warp_time, RECENT_COMPILE_DATE, 0); } else { verb ("V: we'll do the time warp another time - we're not setting clock\n"); } } /* We are not going to set the clock, thus no need to stay root */ if (0 == setclock && 0 == timewarp) { drop_privs_to (UNPRIV_USER, UNPRIV_GROUP); } /* XXX: KILL ME // We cast the mmap value to remove this error when compiling with g++: // src/tlsdate-helper.c: In function ‘int main(int, char**)’: // src/tlsdate-helper.c:822:41: error: invalid conversion from ‘void*’ to ‘uint32_t time_map = (uint32_t *) mmap (NULL, sizeof (uint32_t), PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0); if (MAP_FAILED == time_map) { fprintf (stderr, "mmap failed: %s\n", strerror (errno)); return 1; } */ /* Get the current time from the system clock. */ if (0 != clock_get_real_time(&start_time)) { die ("Failed to read current time of day: %s\n", strerror (errno)); } verb ("V: time is currently %lu.%06lu\n", (unsigned long) CLOCK_SEC(&start_time), (unsigned long) CLOCK_NSEC(&start_time)); if (((unsigned long) CLOCK_SEC(&start_time)) < ((unsigned long) CLOCK_SEC(&warp_time))) { verb ("V: local clock time is less than RECENT_COMPILE_DATE\n"); if (timewarp) { verb ("V: Attempting to warp local clock into the future\n"); if (0 != clock_set_real_time(&warp_time)) { die ("setting time failed: %s (Attempted to set clock to %lu.%06lu)\n", strerror (errno), (unsigned long) CLOCK_SEC(&warp_time), (unsigned long) CLOCK_SEC(&warp_time)); } if (0 != clock_get_real_time(&start_time)) { die ("Failed to read current time of day: %s\n", strerror (errno)); } verb ("V: time is currently %lu.%06lu\n", (unsigned long) CLOCK_SEC(&start_time), (unsigned long) CLOCK_NSEC(&start_time)); verb ("V: It's just a step to the left...\n"); } } else { verb ("V: time is greater than RECENT_COMPILE_DATE\n"); } /* initialize to bogus value, just to be on the safe side */ *time_map = 0; /* Run SSL interaction in separate process (and not as 'root') */ ssl_child = fork (); if (-1 == ssl_child) die ("fork failed: %s\n", strerror (errno)); if (0 == ssl_child) { drop_privs_to (UNPRIV_USER, UNPRIV_GROUP); run_ssl (time_map, leap); /* XXX: should be a pipe close (void) munmap (time_map, sizeof (uint32_t)); */ _exit (0); } if (ssl_child != waitpid (ssl_child, &status, 0)) die ("waitpid failed: %s\n", strerror (errno)); if (! (WIFEXITED (status) && (0 == WEXITSTATUS (status)) )) die ("child process failed in SSL handshake\n"); if (0 != clock_get_real_time(&end_time)) die ("Failed to read current time of day: %s\n", strerror (errno)); /* calculate RTT */ rt_time_ms = (CLOCK_SEC(&end_time) - CLOCK_SEC(&start_time)) * 1000 + (CLOCK_USEC(&end_time) - CLOCK_USEC(&start_time)) / 1000; if (rt_time_ms < 0) rt_time_ms = 0; /* non-linear time... */ #ifdef USE_POLARSSL server_time_s = *time_map; #else server_time_s = ntohl (*time_map); #endif /* XXX: should be a pipe close munmap (time_map, sizeof (uint32_t)); */ verb ("V: server time %u (difference is about %d s) was fetched in %lld ms\n", (unsigned int) server_time_s, CLOCK_SEC(&start_time) - server_time_s, rt_time_ms); /* warning if the handshake took too long */ if (rt_time_ms > TLS_RTT_THRESHOLD) { verb ("V: the TLS handshake took more than %d msecs - consider using a different " \ "server or run it again\n", TLS_RTT_THRESHOLD); } if (showtime) { struct tm ltm; time_t tim = server_time_s; char buf[256]; localtime_r(&tim, <m); if (0 == strftime(buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y", <m)) { die ("strftime returned 0\n"); } fprintf(stdout, "%s\n", buf); } /* finally, actually set the time */ if (setclock) { struct tlsdate_time server_time; clock_init_time(&server_time, server_time_s + (rt_time_ms / 2 / 1000), (rt_time_ms / 2) % 1000); // We should never receive a time that is before the time we were last // compiled; we subscribe to the linear theory of time for this program // and this program alone! if (CLOCK_SEC(&server_time) >= MAX_REASONABLE_TIME) die("remote server is a false ticker from the future!\n"); if (CLOCK_SEC(&server_time) <= RECENT_COMPILE_DATE) die ("remote server is a false ticker!\n"); if (0 != clock_set_real_time(&server_time)) die ("setting time failed: %s (Difference from server is about %d)\n", strerror (errno), CLOCK_SEC(&start_time) - server_time_s); verb ("V: setting time succeeded\n"); } return 0; } tlsdate-0.0.7/src/tlsdate-helper-plan9.h000066400000000000000000000057761230412117200200640ustar00rootroot00000000000000/* Copyright (c) 2012, Jacob Appelbaum * Copyright (c) 2012, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** * \file tlsdate-helper.h * \brief The secondary header for our clock helper. **/ #ifndef TLSDATEHELPER_H #define TLSDATEHELPER_H #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef USE_POLARSSL #include #include #include #include #include #include #include #endif int verbose; #include "src/util.h" /** Name of user that we feel safe to run SSL handshake with. */ #ifndef UNPRIV_USER #define UNPRIV_USER "nobody" #endif #ifndef UNPRIV_GROUP #define UNPRIV_GROUP "nogroup" #endif // We should never accept a time before we were compiled // We measure in seconds since the epoch - eg: echo `date '+%s'` // We set this manually to ensure others can reproduce a build; // automation of this will make every build different! #ifndef RECENT_COMPILE_DATE #define RECENT_COMPILE_DATE (uint32_t) 1342323666 #endif #ifndef MAX_REASONABLE_TIME #define MAX_REASONABLE_TIME (uint32_t) 1999991337 #endif #ifndef MIN_PUB_KEY_LEN #define MIN_PUB_KEY_LEN (uint32_t) 1023 #endif #ifndef MIN_ECC_PUB_KEY_LEN #define MIN_ECC_PUB_KEY_LEN (uint32_t) 160 #endif #ifndef MAX_ECC_PUB_KEY_LEN #define MAX_ECC_PUB_KEY_LEN (uint32_t) 521 #endif // After the duration of the TLS handshake exceeds this threshold // (in msec), a warning is printed. #define TLS_RTT_THRESHOLD 2000 // RFC 5280 says... // ub-common-name-length INTEGER ::= 64 #define MAX_CN_NAME_LENGTH 64 // RFC 1034 and posix say... #define TLSDATE_HOST_NAME_MAX 255 // To support our RFC 2595 wildcard verification #define RFC2595_MIN_LABEL_COUNT 3 static int ca_racket; static const char *host; static const char *hostname_to_verify; static const char *port; static const char *protocol; static char *proxy; static const char *ca_cert_container; #ifndef USE_POLARSSL void openssl_time_callback (const SSL* ssl, int where, int ret); uint32_t get_certificate_keybits (EVP_PKEY *public_key); uint32_t check_cn (SSL *ssl, const char *hostname); uint32_t check_san (SSL *ssl, const char *hostname); long openssl_check_against_host_and_verify (SSL *ssl); uint32_t check_name (SSL *ssl, const char *hostname); uint32_t verify_signature (SSL *ssl, const char *hostname); void check_key_length (SSL *ssl); void inspect_key (SSL *ssl, const char *hostname); void check_key_length (SSL *ssl); void inspect_key (SSL *ssl, const char *hostname); #endif uint32_t dns_label_count (char *label, char *delim); uint32_t check_wildcard_match_rfc2595 (const char *orig_hostname, const char *orig_cert_wild_card); static void run_ssl (uint32_t *time_map, int time_is_an_illusion); #endif tlsdate-0.0.7/src/tlsdate-helper.c000066400000000000000000001202131230412117200170160ustar00rootroot00000000000000/* Copyright (c) 2012, Jacob Appelbaum. * Copyright (c) 2012, The Tor Project, Inc. * Copyright (c) 2012, Christian Grothoff. */ /* See LICENSE for licensing information */ /* This file contains the license for tlsdate, a free software project to set your system clock securely. It also lists the licenses for other components used by tlsdate. For more information about tlsdate, see https://github.com/ioerror/tlsdate If you got this file as a part of a larger bundle, there may be other license terms that you should be aware of. =============================================================================== tlsdate is distributed under this license: Copyright (c) 2011-2012, Jacob Appelbaum Copyright (c) 2011-2012, The Tor Project, Inc. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the names of the copyright owners nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. =============================================================================== If you got tlsdate as a static binary with OpenSSL included, then you should know: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)" =============================================================================== */ /** * \file tlsdate-helper.c * \brief Helper program that does the actual work of setting the system clock. **/ /* * tlsdate is a tool for setting the system clock by hand or by communication * with the network. It does not set the RTC. It is designed to be as secure as * TLS (RFC 2246) but of course the security of TLS is often reduced to * whichever CA racket you believe is trustworthy. By default, tlsdate trusts * your local CA root store - so any of these companies could assist in a MITM * attack against you and you'd be screwed. * This tool is designed to be run by hand or as a system daemon. It must be * run as root or otherwise have the proper caps; it will not be able to set * the system time without running as root or another privileged user. */ #include "config.h" #include "src/tlsdate-helper.h" #include "src/util.h" #ifndef USE_POLARSSL #include "src/proxy-bio.h" #else #include "src/proxy-polarssl.h" #endif #include "src/compat/clock.h" #ifndef MAP_ANONYMOUS #define MAP_ANONYMOUS MAP_ANON #endif #ifdef USE_POLARSSL #include "polarssl/entropy.h" #include "polarssl/ctr_drbg.h" #include "polarssl/ssl.h" #endif static void validate_proxy_scheme(const char *scheme) { if (!strcmp(scheme, "http")) return; if (!strcmp(scheme, "socks4")) return; if (!strcmp(scheme, "socks5")) return; die("invalid proxy scheme\n"); } static void validate_proxy_host(const char *host) { const char *kValid = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz" "0123456789" ".-"; if (strspn(host, kValid) != strlen(host)) die("invalid char in host\n"); } static void validate_proxy_port(const char *port) { while (*port) if (!isdigit((int)(unsigned char)*port++)) die("invalid char in port\n"); } static void parse_proxy_uri(char *proxy, char **scheme, char **host, char **port) { /* Expecting a URI, so: '://' ':' */ *scheme = proxy; proxy = strstr(proxy, "://"); if (!proxy) die("malformed proxy URI\n"); *proxy = '\0'; /* terminate scheme string */ proxy += strlen("://"); *host = proxy; proxy = strchr(proxy, ':'); if (!proxy) die("malformed proxy URI\n"); *proxy++ = '\0'; *port = proxy; validate_proxy_scheme(*scheme); validate_proxy_host(*host); validate_proxy_port(*port); } #ifndef USE_POLARSSL static void setup_proxy(BIO *ssl) { BIO *bio; char *scheme; char *proxy_host; char *proxy_port; if (!proxy) return; /* * grab the proxy's host and port out of the URI we have for it. We want the * underlying connect BIO to connect to this, not the target host and port, so * we squirrel away the target host and port in the proxy BIO (as the proxy * target) and swap out the connect BIO's target host and port so it'll * connect to the proxy instead. */ parse_proxy_uri(proxy, &scheme, &proxy_host, &proxy_port); bio = BIO_new_proxy(); BIO_proxy_set_type(bio, scheme); BIO_proxy_set_host(bio, host); BIO_proxy_set_port(bio, atoi(port)); host = proxy_host; port = proxy_port; BIO_push(ssl, bio); } static BIO * make_ssl_bio(SSL_CTX *ctx) { BIO *con = NULL; BIO *ssl = NULL; if (!(con = BIO_new(BIO_s_connect()))) die("BIO_s_connect failed\n"); if (!(ssl = BIO_new_ssl(ctx, 1))) die("BIO_new_ssl failed\n"); setup_proxy(ssl); BIO_push(ssl, con); return ssl; } static int write_all_to_bio(BIO *bio, const char *string) { int n = (int) strlen(string); int r; while (n) { r = BIO_write(bio, string, n); if (r > 0) { if (r > n) return -1; n -= r; string += r; } else { return 0; } } return 1; } /* If the string is all nice clean ascii that it's safe to log, return * it. Otherwise return a placeholder "This is junk" string. */ static const char * sanitize_string(const char *s) { const unsigned char *cp; for (cp = (const unsigned char *)s; *cp; cp++) { if (*cp < 32 || *cp >= 127) return "string with invalid characters"; } return s; } static int handle_date_line(const char *dateline, uint32_t *result) { int year,mon,day,hour,min,sec; char month[4]; struct tm tm; int i; time_t t; /* We recognize the three formats in RFC2616, section 3.3.1. Month names are always in English. The formats are: Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822, updated by RFC 1123 Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036 Sun Nov 6 08:49:37 1994 ; ANSI C's asctime() format Note that the first is preferred. */ static const char *MONTHS[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec", NULL }; if (strncmp("\r\nDate: ", dateline, 8)) return 0; dateline += 8; if (strlen(dateline) > MAX_DATE_LINE_LEN) { verb("V: The date line was impossibly long.\n"); return -1; } verb("V: The alleged date is <%s>\n", sanitize_string(dateline)); while (*dateline == ' ') ++dateline; while (*dateline && *dateline != ' ') ++dateline; while (*dateline == ' ') ++dateline; /* We just skipped over the day of the week. Now we have:*/ if (sscanf(dateline, "%d %3s %d %d:%d:%d", &day, month, &year, &hour, &min, &sec) == 6 || sscanf(dateline, "%d-%3s-%d %d:%d:%d", &day, month, &year, &hour, &min, &sec) == 6 || sscanf(dateline, "%3s %d %d:%d:%d %d", month, &day, &hour, &min, &sec, &year) == 6) { /* Two digit dates are defined to be relative to 1900; all other dates * are supposed to be represented as four digits. */ if (year < 100) year += 1900; verb("V: Parsed the date: %04d-%s-%02d %02d:%02d:%02d\n", year, month, day, hour, min, sec); } else { verb("V: Couldn't parse date.\n"); return -1; } for (i = 0; ; ++i) { if (!MONTHS[i]) return -2; if (!strcmp(month, MONTHS[i])) { mon = i; break; } } memset(&tm, 0, sizeof(tm)); tm.tm_year = year - 1900; tm.tm_mon = mon; tm.tm_mday = day; tm.tm_hour = hour; tm.tm_min = min; tm.tm_sec = sec; t = timegm(&tm); if (t > 0xffffffff || t < 0) return -1; *result = (uint32_t) t; return 1; } static int read_http_date_from_bio(BIO *bio, uint32_t *result) { int n; char buf[MAX_HTTP_HEADERS_SIZE]; int buf_len=0; char *dateline, *endofline; while (buf_len < sizeof(buf)-1) { n = BIO_read(bio, buf+buf_len, sizeof(buf)-buf_len-1); if (n <= 0) return 0; buf_len += n; buf[buf_len] = 0; verb_debug ("V: read %d bytes.\n", n, buf); dateline = memmem(buf, buf_len, "\r\nDate: ", 8); if (NULL == dateline) continue; endofline = memmem(dateline+2, buf_len - (dateline-buf+2), "\r\n", 2); if (NULL == endofline) continue; *endofline = 0; return handle_date_line(dateline, result); } return -2; } /** helper function for 'malloc' */ static void * xmalloc (size_t size) { void *ptr; if (0 == size) die("xmalloc: zero size\n"); ptr = malloc(size); if (NULL == ptr) die("xmalloc: out of memory (allocating %zu bytes)\n", size); return ptr; } /** helper function for 'free' */ static void xfree (void *ptr) { if (NULL == ptr) die("xfree: NULL pointer given as argument\n"); free(ptr); } void openssl_time_callback (const SSL* ssl, int where, int ret) { if (where == SSL_CB_CONNECT_LOOP && (ssl->state == SSL3_ST_CR_SRVR_HELLO_A || ssl->state == SSL3_ST_CR_SRVR_HELLO_B)) { // XXX TODO: If we want to trust the remote system for time, // can we just read that time out of the remote system and if the // cert verifies, decide that the time is reasonable? // Such a process seems to indicate that a once valid cert would be // forever valid - we stopgap that by ensuring it isn't less than // the latest compiled_time and isn't above max_reasonable_time... // XXX TODO: Solve eternal question about the Chicken and the Egg... uint32_t compiled_time = RECENT_COMPILE_DATE; uint32_t max_reasonable_time = MAX_REASONABLE_TIME; uint32_t server_time; verb("V: freezing time for x509 verification\n"); memcpy(&server_time, ssl->s3->server_random, sizeof(uint32_t)); if (compiled_time < ntohl(server_time) && ntohl(server_time) < max_reasonable_time) { verb("V: remote peer provided: %d, preferred over compile time: %d\n", ntohl(server_time), compiled_time); verb("V: freezing time with X509_VERIFY_PARAM_set_time\n"); X509_VERIFY_PARAM_set_time(ssl->ctx->cert_store->param, (time_t) ntohl(server_time) + 86400); } else { die("V: the remote server is a false ticker! server: %d compile: %d\n", ntohl(server_time), compiled_time); } } } uint32_t get_certificate_keybits (EVP_PKEY *public_key) { /* In theory, we could use check_bitlen_dsa() and check_bitlen_rsa() */ uint32_t key_bits; switch (public_key->type) { case EVP_PKEY_RSA: verb("V: key type: EVP_PKEY_RSA\n"); key_bits = BN_num_bits(public_key->pkey.rsa->n); break; case EVP_PKEY_RSA2: verb("V: key type: EVP_PKEY_RSA2\n"); key_bits = BN_num_bits(public_key->pkey.rsa->n); break; case EVP_PKEY_DSA: verb("V: key type: EVP_PKEY_DSA\n"); key_bits = BN_num_bits(public_key->pkey.dsa->p); break; case EVP_PKEY_DSA1: verb("V: key type: EVP_PKEY_DSA1\n"); key_bits = BN_num_bits(public_key->pkey.dsa->p); break; case EVP_PKEY_DSA2: verb("V: key type: EVP_PKEY_DSA2\n"); key_bits = BN_num_bits(public_key->pkey.dsa->p); break; case EVP_PKEY_DSA3: verb("V: key type: EVP_PKEY_DSA3\n"); key_bits = BN_num_bits(public_key->pkey.dsa->p); break; case EVP_PKEY_DSA4: verb("V: key type: EVP_PKEY_DSA4\n"); key_bits = BN_num_bits(public_key->pkey.dsa->p); break; case EVP_PKEY_DH: verb("V: key type: EVP_PKEY_DH\n"); key_bits = BN_num_bits(public_key->pkey.dh->pub_key); break; case EVP_PKEY_EC: verb("V: key type: EVP_PKEY_EC\n"); key_bits = EVP_PKEY_bits(public_key); break; // Should we also care about EVP_PKEY_HMAC and EVP_PKEY_CMAC? default: key_bits = 0; die ("unknown public key type\n"); break; } verb ("V: keybits: %d\n", key_bits); return key_bits; } uint32_t dns_label_count(char *label, char *delim) { char *label_tmp; char *saveptr; char *saveptr_tmp; uint32_t label_count; label_tmp = strdup(label); label_count = 0; saveptr = NULL; saveptr_tmp = NULL; saveptr = strtok_r(label_tmp, delim, &saveptr); if (NULL != saveptr) { // Did we find our first label? if (saveptr[0] != delim[0]) { label_count++; } do { // Find all subsequent labels label_count++; saveptr_tmp = strtok_r(NULL, delim, &saveptr); } while (NULL != saveptr_tmp); } verb_debug ("V: label found; total label count: %d\n", label_count); free(label_tmp); return label_count; } // first we split strings on '.' // then we call each split string a 'label' // Do not allow '*' for the top level domain label; eg never allow *.*.com // Do not allow '*' for subsequent subdomains; eg never allow *.foo.example.com // Do allow *.example.com uint32_t check_wildcard_match_rfc2595 (const char *orig_hostname, const char *orig_cert_wild_card) { char *hostname; char *hostname_to_free; char *cert_wild_card; char *cert_wild_card_to_free; char *expected_label; char *wildcard_label; char *delim; char *wildchar; uint32_t ok; uint32_t wildcard_encountered; uint32_t label_count; // First we copy the original strings hostname = strndup(orig_hostname, strlen(orig_hostname)); cert_wild_card = strndup(orig_cert_wild_card, strlen(orig_cert_wild_card)); hostname_to_free = hostname; cert_wild_card_to_free = cert_wild_card; delim = strdup("."); wildchar = strdup("*"); verb_debug ("V: Inspecting '%s' for possible wildcard match against '%s'\n", hostname, cert_wild_card); // By default we have not processed any labels label_count = dns_label_count(cert_wild_card, delim); // By default we have no match ok = 0; wildcard_encountered = 0; // First - do we have labels? If not, we refuse to even try to match if ((NULL != strpbrk(cert_wild_card, delim)) && (NULL != strpbrk(hostname, delim)) && (label_count <= ((uint32_t)RFC2595_MIN_LABEL_COUNT))) { if (wildchar[0] == cert_wild_card[0]) { verb_debug ("V: Found wildcard in at start of provided certificate name\n"); do { // Skip over the bytes between the first char and until the next label wildcard_label = strsep(&cert_wild_card, delim); expected_label = strsep(&hostname, delim); if (NULL != wildcard_label && NULL != expected_label && NULL != hostname && NULL != cert_wild_card) { // Now we only consider this wildcard valid if the rest of the // hostnames match verbatim verb_debug ("V: Attempting match of '%s' against '%s'\n", expected_label, wildcard_label); // This is the case where we have a label that begins with wildcard // Furthermore, we only allow this for the first label if (wildcard_label[0] == wildchar[0] && 0 == wildcard_encountered && 0 == ok) { verb ("V: Forced match of '%s' against '%s'\n", expected_label, wildcard_label); wildcard_encountered = 1; } else { verb_debug ("V: Attempting match of '%s' against '%s'\n", hostname, cert_wild_card); if (0 == strcasecmp (expected_label, wildcard_label) && label_count >= ((uint32_t)RFC2595_MIN_LABEL_COUNT)) { ok = 1; verb_debug ("V: remaining labels match!\n"); break; } else { ok = 0; verb_debug ("V: remaining labels do not match!\n"); break; } } } else { // We hit this case when we have a mismatched number of labels verb_debug ("V: NULL label; no wildcard here\n"); break; } } while (0 != wildcard_encountered && label_count <= RFC2595_MIN_LABEL_COUNT); } else { verb_debug ("V: Not a RFC 2595 wildcard\n"); } } else { verb_debug ("V: Not a valid wildcard certificate\n"); ok = 0; } // Free our copies free(wildchar); free(delim); free(hostname_to_free); free(cert_wild_card_to_free); if (wildcard_encountered & ok && label_count >= RFC2595_MIN_LABEL_COUNT) { verb_debug ("V: wildcard match of %s against %s\n", orig_hostname, orig_cert_wild_card); return (wildcard_encountered & ok); } else { verb_debug ("V: wildcard match failure of %s against %s\n", orig_hostname, orig_cert_wild_card); return 0; } } #endif #ifndef USE_POLARSSL /** This extracts the first commonName and checks it against hostname. */ uint32_t check_cn (SSL *ssl, const char *hostname) { int ok = 0; int ret; char *cn_buf; X509 *certificate; X509_NAME *xname; // We cast this to cast away g++ complaining about the following: // error: invalid conversion from ‘void*’ to ‘char*’ cn_buf = (char *) xmalloc(TLSDATE_HOST_NAME_MAX + 1); certificate = SSL_get_peer_certificate(ssl); if (NULL == certificate) { die ("Unable to extract certificate\n"); } memset(cn_buf, '\0', (TLSDATE_HOST_NAME_MAX + 1)); xname = X509_get_subject_name(certificate); ret = X509_NAME_get_text_by_NID(xname, NID_commonName, cn_buf, TLSDATE_HOST_NAME_MAX); if (-1 == ret || ret != (int) strlen(cn_buf)) { die ("Unable to extract commonName\n"); } if (strcasecmp(cn_buf, hostname)) { verb ("V: commonName mismatch! Expected: %s - received: %s\n", hostname, cn_buf); } else { verb ("V: commonName matched: %s\n", cn_buf); ok = 1; } X509_NAME_free(xname); X509_free(certificate); xfree(cn_buf); return ok; } /** Search for a hostname match in the SubjectAlternativeNames. */ uint32_t check_san (SSL *ssl, const char *hostname) { X509 *cert; int extcount, ok = 0; /* What an OpenSSL mess ... */ if (NULL == (cert = SSL_get_peer_certificate(ssl))) { die ("Getting certificate failed\n"); } if ((extcount = X509_get_ext_count(cert)) > 0) { int i; for (i = 0; i < extcount; ++i) { const char *extstr; X509_EXTENSION *ext; ext = X509_get_ext(cert, i); extstr = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ext))); if (!strcmp(extstr, "subjectAltName")) { int j; void *extvalstr; const unsigned char *tmp; STACK_OF(CONF_VALUE) *val; CONF_VALUE *nval; #if OPENSSL_VERSION_NUMBER >= 0x10000000L const #endif X509V3_EXT_METHOD *method; if (!(method = X509V3_EXT_get(ext))) { break; } tmp = ext->value->data; if (method->it) { extvalstr = ASN1_item_d2i(NULL, &tmp, ext->value->length, ASN1_ITEM_ptr(method->it)); } else { extvalstr = method->d2i(NULL, &tmp, ext->value->length); } if (!extvalstr) { break; } if (method->i2v) { val = method->i2v(method, extvalstr, NULL); for (j = 0; j < sk_CONF_VALUE_num(val); ++j) { nval = sk_CONF_VALUE_value(val, j); if ((!strcasecmp(nval->name, "DNS") && !strcasecmp(nval->value, hostname) ) || (!strcasecmp(nval->name, "iPAddress") && !strcasecmp(nval->value, hostname))) { verb ("V: subjectAltName matched: %s, type: %s\n", nval->value, nval->name); // We matched this; so it's safe to print ok = 1; break; } // Attempt to match subjectAltName DNS names if (!strcasecmp(nval->name, "DNS")) { ok = check_wildcard_match_rfc2595(hostname, nval->value); if (ok) { break; } } verb_debug ("V: subjectAltName found but not matched: %s, type: %s\n", nval->value, nval->name); // XXX: Clean this string! } } } else { verb_debug ("V: found non subjectAltName extension\n"); } if (ok) { break; } } } else { verb_debug ("V: no X509_EXTENSION field(s) found\n"); } X509_free(cert); return ok; } uint32_t check_name (SSL *ssl, const char *hostname) { uint32_t ret; ret = check_cn(ssl, hostname); ret += check_san(ssl, hostname); if (0 != ret && 0 < ret) { verb ("V: hostname verification passed\n"); } else { die ("hostname verification failed for host %s!\n", host); } return ret; } #endif #ifdef USE_POLARSSL uint32_t verify_signature (ssl_context *ssl, const char *hostname) { int ssl_verify_result; ssl_verify_result = ssl_get_verify_result (ssl); if (ssl_verify_result & BADCERT_EXPIRED) { die ("certificate has expired\n"); } if (ssl_verify_result & BADCERT_REVOKED) { die ("certificate has been revoked\n"); } if (ssl_verify_result & BADCERT_CN_MISMATCH) { die ("CN and subject AltName mismatch for certificate\n"); } if (ssl_verify_result & BADCERT_NOT_TRUSTED) { die ("certificate is self-signed or not signed by a trusted CA\n"); } if (0 == ssl_verify_result) { verb ("V: verify success\n"); } else { die ("certificate verification error: -0x%04x\n", -ssl_verify_result); } return 0; } #else uint32_t verify_signature (SSL *ssl, const char *hostname) { long ssl_verify_result; X509 *certificate; certificate = SSL_get_peer_certificate(ssl); if (NULL == certificate) { die ("Getting certificate failed\n"); } // In theory, we verify that the cert is valid ssl_verify_result = SSL_get_verify_result(ssl); switch (ssl_verify_result) { case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: die ("certificate is self signed\n"); case X509_V_OK: verb ("V: certificate verification passed\n"); break; default: die ("certification verification error: %ld\n", ssl_verify_result); } return 0; } #endif #ifdef USE_POLARSSL void check_key_length (ssl_context *ssl) { uint32_t key_bits; const x509_cert *certificate; const rsa_context *public_key; char buf[1024]; certificate = ssl_get_peer_cert (ssl); if (NULL == certificate) { die ("Getting certificate failed\n"); } x509parse_dn_gets(buf, 1024, &certificate->subject); verb_debug ("V: Certificate for subject '%s'\n", buf); public_key = &certificate->rsa; if (NULL == public_key) { die ("public key extraction failure\n"); } else { verb_debug ("V: public key is ready for inspection\n"); } key_bits = mpi_msb (&public_key->N); if (MIN_PUB_KEY_LEN >= key_bits) { die ("Unsafe public key size: %d bits\n", key_bits); } else { verb_debug ("V: key length appears safe\n"); } } #else void check_key_length (SSL *ssl) { uint32_t key_bits; X509 *certificate; EVP_PKEY *public_key; certificate = SSL_get_peer_certificate (ssl); if (NULL == certificate) { die ("Getting certificate failed\n"); } public_key = X509_get_pubkey (certificate); if (NULL == public_key) { die ("public key extraction failure\n"); } else { verb_debug ("V: public key is ready for inspection\n"); } key_bits = get_certificate_keybits (public_key); if (MIN_PUB_KEY_LEN >= key_bits && public_key->type != EVP_PKEY_EC) { die ("Unsafe public key size: %d bits\n", key_bits); } else { if (public_key->type == EVP_PKEY_EC) if(key_bits >= MIN_ECC_PUB_KEY_LEN && key_bits <= MAX_ECC_PUB_KEY_LEN) { verb_debug ("V: ECC key length appears safe\n"); } else { die ("Unsafe ECC key size: %d bits\n", key_bits); } else { verb_debug ("V: key length appears safe\n"); } } EVP_PKEY_free (public_key); } #endif #ifdef USE_POLARSSL void inspect_key (ssl_context *ssl, const char *hostname) { verify_signature (ssl, hostname); // ssl_get_verify_result() already checks for CN / subjectAltName match // and reports the mismatch as error. So check_name() is not called } #else void inspect_key (SSL *ssl, const char *hostname) { verify_signature (ssl, hostname); check_name (ssl, hostname); } #endif #ifdef USE_POLARSSL void check_timestamp (uint32_t server_time) { uint32_t compiled_time = RECENT_COMPILE_DATE; uint32_t max_reasonable_time = MAX_REASONABLE_TIME; if (compiled_time < server_time && server_time < max_reasonable_time) { verb("V: remote peer provided: %d, preferred over compile time: %d\n", server_time, compiled_time); } else { die("V: the remote server is a false ticker! server: %d compile: %d\n", server_time, compiled_time); } } static int ssl_do_handshake_part(ssl_context *ssl) { int ret = 0; /* Only do steps till ServerHello is received */ while (ssl->state != SSL_SERVER_HELLO) { ret = ssl_handshake_step (ssl); if (0 != ret) { die("SSL handshake failed\n"); } } /* Do ServerHello so we can skim the timestamp */ ret = ssl_handshake_step (ssl); if (0 != ret) { die("SSL handshake failed\n"); } return 0; } /** * Run SSL handshake and store the resulting time value in the * 'time_map'. * * @param time_map where to store the current time * @param time_is_an_illusion * @param http whether to do an http request and take the date from that * instead. */ static void run_ssl (uint32_t *time_map, int time_is_an_illusion, int http) { entropy_context entropy; ctr_drbg_context ctr_drbg; ssl_context ssl; proxy_polarssl_ctx proxy_ctx; x509_cert cacert; struct stat statbuf; int ret = 0, server_fd = 0; char *pers = "tlsdate-helper"; memset (&ssl, 0, sizeof(ssl_context)); memset (&cacert, 0, sizeof(x509_cert)); verb("V: Using PolarSSL for SSL\n"); if (ca_racket) { if (-1 == stat (ca_cert_container, &statbuf)) { die("Unable to stat CA certficate container %s\n", ca_cert_container); } else { switch (statbuf.st_mode & S_IFMT) { case S_IFREG: if (0 > x509parse_crtfile(&cacert, ca_cert_container)) fprintf(stderr, "x509parse_crtfile failed\n"); break; case S_IFDIR: if (0 > x509parse_crtpath(&cacert, ca_cert_container)) fprintf(stderr, "x509parse_crtpath failed\n"); break; default: die("Unable to load CA certficate container %s\n", ca_cert_container); } } } entropy_init (&entropy); if (0 != ctr_drbg_init (&ctr_drbg, entropy_func, &entropy, (unsigned char *) pers, strlen(pers))) { die("Failed to initialize CTR_DRBG\n"); } if (0 != ssl_init (&ssl)) { die("SSL initialization failed\n"); } ssl_set_endpoint (&ssl, SSL_IS_CLIENT); ssl_set_rng (&ssl, ctr_drbg_random, &ctr_drbg); ssl_set_ca_chain (&ssl, &cacert, NULL, hostname_to_verify); if (ca_racket) { // You can do SSL_VERIFY_REQUIRED here, but then the check in // inspect_key() never happens as the ssl_handshake() will fail. ssl_set_authmode (&ssl, SSL_VERIFY_OPTIONAL); } if (proxy) { char *scheme; char *proxy_host; char *proxy_port; parse_proxy_uri (proxy, &scheme, &proxy_host, &proxy_port); verb("V: opening socket to proxy %s:%s\n", proxy_host, proxy_port); if (0 != net_connect (&server_fd, proxy_host, atoi(proxy_port))) { die ("SSL connection failed\n"); } proxy_polarssl_init (&proxy_ctx); proxy_polarssl_set_bio (&proxy_ctx, net_recv, &server_fd, net_send, &server_fd); proxy_polarssl_set_host (&proxy_ctx, host); proxy_polarssl_set_port (&proxy_ctx, atoi(port)); proxy_polarssl_set_scheme (&proxy_ctx, scheme); ssl_set_bio (&ssl, proxy_polarssl_recv, &proxy_ctx, proxy_polarssl_send, &proxy_ctx); verb("V: Handle proxy connection\n"); if (0 == proxy_ctx.f_connect (&proxy_ctx)) die("Proxy connection failed\n"); } else { verb("V: opening socket to %s:%s\n", host, port); if (0 != net_connect (&server_fd, host, atoi(port))) { die ("SSL connection failed\n"); } ssl_set_bio (&ssl, net_recv, &server_fd, net_send, &server_fd); } verb("V: starting handshake\n"); if (0 != ssl_do_handshake_part (&ssl)) die("SSL handshake first part failed\n"); uint32_t timestamp = ( (uint32_t) ssl.in_msg[6] << 24 ) | ( (uint32_t) ssl.in_msg[7] << 16 ) | ( (uint32_t) ssl.in_msg[8] << 8 ) | ( (uint32_t) ssl.in_msg[9] ); check_timestamp (timestamp); verb("V: continuing handshake\n"); /* Continue with handshake */ while (0 != (ret = ssl_handshake (&ssl))) { if (POLARSSL_ERR_NET_WANT_READ != ret && POLARSSL_ERR_NET_WANT_WRITE != ret) { die("SSL handshake failed\n"); } } // Verify the peer certificate against the CA certs on the local system if (ca_racket) { inspect_key (&ssl, hostname_to_verify); } else { verb ("V: Certificate verification skipped!\n"); } check_key_length (&ssl); memcpy (time_map, ×tamp, sizeof(uint32_t)); proxy_polarssl_free (&proxy_ctx); ssl_free (&ssl); x509_free (&cacert); } #else /* USE_POLARSSL */ /** * Run SSL handshake and store the resulting time value in the * 'time_map'. * * @param time_map where to store the current time * @param time_is_an_illusion * @param http whether to do an http request and take the date from that * instead. */ static void run_ssl (uint32_t *time_map, int time_is_an_illusion, int http) { BIO *s_bio; SSL_CTX *ctx; SSL *ssl; struct stat statbuf; uint32_t result_time; SSL_load_error_strings(); SSL_library_init(); ctx = NULL; if (0 == strcmp("sslv23", protocol)) { verb ("V: using SSLv23_client_method()\n"); ctx = SSL_CTX_new(SSLv23_client_method()); } else if (0 == strcmp("sslv3", protocol)) { verb ("V: using SSLv3_client_method()\n"); ctx = SSL_CTX_new(SSLv3_client_method()); } else if (0 == strcmp("tlsv1", protocol)) { verb ("V: using TLSv1_client_method()\n"); ctx = SSL_CTX_new(TLSv1_client_method()); } else die("Unsupported protocol `%s'\n", protocol); if (ctx == NULL) die("OpenSSL failed to support protocol `%s'\n", protocol); verb("V: Using OpenSSL for SSL\n"); if (ca_racket) { if (-1 == stat(ca_cert_container, &statbuf)) { die("Unable to stat CA certficate container %s\n", ca_cert_container); } else { switch (statbuf.st_mode & S_IFMT) { case S_IFREG: if (1 != SSL_CTX_load_verify_locations(ctx, ca_cert_container, NULL)) fprintf(stderr, "SSL_CTX_load_verify_locations failed\n"); break; case S_IFDIR: if (1 != SSL_CTX_load_verify_locations(ctx, NULL, ca_cert_container)) fprintf(stderr, "SSL_CTX_load_verify_locations failed\n"); break; default: if (1 != SSL_CTX_load_verify_locations(ctx, NULL, ca_cert_container)) { fprintf(stderr, "SSL_CTX_load_verify_locations failed\n"); die("Unable to load CA certficate container %s\n", ca_cert_container); } } } } if (NULL == (s_bio = make_ssl_bio(ctx))) die ("SSL BIO setup failed\n"); BIO_get_ssl(s_bio, &ssl); if (NULL == ssl) die ("SSL setup failed\n"); if (time_is_an_illusion) { SSL_set_info_callback(ssl, openssl_time_callback); } SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); verb("V: opening socket to %s:%s\n", host, port); if ( (1 != BIO_set_conn_hostname(s_bio, host)) || (1 != BIO_set_conn_port(s_bio, port)) ) die ("Failed to initialize connection to `%s:%s'\n", host, port); if (NULL == BIO_new_fp(stdout, BIO_NOCLOSE)) die ("BIO_new_fp returned error, possibly: %s", strerror(errno)); // This should run in seccomp // eg: prctl(PR_SET_SECCOMP, 1); if (1 != BIO_do_connect(s_bio)) // XXX TODO: BIO_should_retry() later? die ("SSL connection failed\n"); if (1 != BIO_do_handshake(s_bio)) die ("SSL handshake failed\n"); // from /usr/include/openssl/ssl3.h // ssl->s3->server_random is an unsigned char of 32 bits memcpy(&result_time, ssl->s3->server_random, sizeof (uint32_t)); verb("V: In TLS response, T=%lu\n", (unsigned long)ntohl(result_time)); if (http) { char buf[1024]; verb_debug ("V: Starting HTTP\n"); if (snprintf(buf, sizeof(buf), HTTP_REQUEST, HTTPS_USER_AGENT, hostname_to_verify) >= 1024) die("hostname too long"); buf[1023]='\0'; /* Unneeded. */ verb_debug ("V: Writing HTTP request\n"); if (1 != write_all_to_bio(s_bio, buf)) die ("write all to bio failed.\n"); verb_debug ("V: Reading HTTP response\n"); if (1 != read_http_date_from_bio(s_bio, &result_time)) die ("read all from bio failed.\n"); verb ("V: Received HTTP response. T=%lu\n", (unsigned long)result_time); result_time = htonl(result_time); } // Verify the peer certificate against the CA certs on the local system if (ca_racket) { inspect_key (ssl, hostname_to_verify); } else { verb ("V: Certificate verification skipped!\n"); } check_key_length(ssl); memcpy(time_map, &result_time, sizeof (uint32_t)); SSL_free(ssl); SSL_CTX_free(ctx); } #endif /* USE_POLARSSL */ /** drop root rights and become 'nobody' */ int main(int argc, char **argv) { uint32_t *time_map; struct tlsdate_time start_time, end_time, warp_time; int status; pid_t ssl_child; long long rt_time_ms; uint32_t server_time_s; int setclock; int showtime; int showtime_raw; int timewarp; int leap; int http; if (argc != 13) return 1; host = argv[1]; hostname_to_verify = argv[1]; port = argv[2]; protocol = argv[3]; ca_cert_container = argv[6]; ca_racket = (0 != strcmp ("unchecked", argv[4])); verbose = (0 != strcmp ("quiet", argv[5])); verbose_debug = (0 != strcmp ("verbose", argv[5])); setclock = (0 == strcmp ("setclock", argv[7])); showtime = (0 == strcmp ("showtime", argv[8])); showtime_raw = (0 == strcmp ("showtime=raw", argv[8])); timewarp = (0 == strcmp ("timewarp", argv[9])); leap = (0 == strcmp ("leapaway", argv[10])); proxy = (0 == strcmp ("none", argv[11]) ? NULL : argv[11]); http = (0 == (strcmp("http", argv[12]))); /* Initalize warp_time with RECENT_COMPILE_DATE */ clock_init_time(&warp_time, RECENT_COMPILE_DATE, 0); verb ("V: RECENT_COMPILE_DATE is %lu.%06lu\n", (unsigned long) CLOCK_SEC(&warp_time), (unsigned long) CLOCK_USEC(&warp_time)); if (1 != timewarp) { verb ("V: we'll do the time warp another time - we're not setting clock\n"); } /* We are not going to set the clock, thus no need to stay root */ if (0 == setclock && 0 == timewarp) { verb ("V: attemping to drop administrator privileges\n"); drop_privs_to (UNPRIV_USER, UNPRIV_GROUP); } // We cast the mmap value to remove this error when compiling with g++: // src/tlsdate-helper.c: In function ‘int main(int, char**)’: // src/tlsdate-helper.c:822:41: error: invalid conversion from ‘void*’ to ‘uint32_t time_map = (uint32_t *) mmap (NULL, sizeof (uint32_t), PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0); if (MAP_FAILED == time_map) { fprintf (stderr, "mmap failed: %s\n", strerror (errno)); return 1; } /* Get the current time from the system clock. */ if (0 != clock_get_real_time(&start_time)) { die ("Failed to read current time of day: %s\n", strerror (errno)); } verb ("V: time is currently %lu.%06lu\n", (unsigned long) CLOCK_SEC(&start_time), (unsigned long) CLOCK_NSEC(&start_time)); if (((unsigned long) CLOCK_SEC(&start_time)) < ((unsigned long) CLOCK_SEC(&warp_time))) { verb ("V: local clock time is less than RECENT_COMPILE_DATE\n"); if (timewarp) { verb ("V: Attempting to warp local clock into the future\n"); if (0 != clock_set_real_time(&warp_time)) { die ("setting time failed: %s (Attempted to set clock to %lu.%06lu)\n", strerror (errno), (unsigned long) CLOCK_SEC(&warp_time), (unsigned long) CLOCK_SEC(&warp_time)); } if (0 != clock_get_real_time(&start_time)) { die ("Failed to read current time of day: %s\n", strerror (errno)); } verb ("V: time is currently %lu.%06lu\n", (unsigned long) CLOCK_SEC(&start_time), (unsigned long) CLOCK_NSEC(&start_time)); verb ("V: It's just a step to the left...\n"); } } else { verb ("V: time is greater than RECENT_COMPILE_DATE\n"); } /* initialize to bogus value, just to be on the safe side */ *time_map = 0; /* Run SSL interaction in separate process (and not as 'root') */ ssl_child = fork (); if (-1 == ssl_child) die ("fork failed: %s\n", strerror (errno)); if (0 == ssl_child) { drop_privs_to (UNPRIV_USER, UNPRIV_GROUP); run_ssl (time_map, leap, http); (void) munmap (time_map, sizeof (uint32_t)); _exit (0); } if (ssl_child != waitpid (ssl_child, &status, 0)) die ("waitpid failed: %s\n", strerror (errno)); if (! (WIFEXITED (status) && (0 == WEXITSTATUS (status)) )) die ("child process failed in SSL handshake\n"); if (0 != clock_get_real_time(&end_time)) die ("Failed to read current time of day: %s\n", strerror (errno)); /* calculate RTT */ rt_time_ms = (CLOCK_SEC(&end_time) - CLOCK_SEC(&start_time)) * 1000 + (CLOCK_USEC(&end_time) - CLOCK_USEC(&start_time)) / 1000; if (rt_time_ms < 0) rt_time_ms = 0; /* non-linear time... */ #ifdef USE_POLARSSL server_time_s = *time_map; #else server_time_s = ntohl (*time_map); #endif // We should never have a time_map of zero here; // It either stayed zero or we have a false ticker. if ( 0 == server_time_s ) die ("child process failed to update time map; weird platform issues?\n"); munmap (time_map, sizeof (uint32_t)); verb ("V: server time %u (difference is about %d s) was fetched in %lld ms\n", (unsigned int) server_time_s, CLOCK_SEC(&start_time) - server_time_s, rt_time_ms); /* warning if the handshake took too long */ if (rt_time_ms > TLS_RTT_THRESHOLD) { verb ("V: the TLS handshake took more than %d msecs - consider using a different " \ "server or run it again\n", TLS_RTT_THRESHOLD); } if (showtime_raw) { fwrite(&server_time_s, sizeof(server_time_s), 1, stdout); } if (showtime) { struct tm ltm; time_t tim = server_time_s; char buf[256]; localtime_r(&tim, <m); if (0 == strftime(buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y", <m)) { die ("strftime returned 0\n"); } fprintf(stdout, "%s\n", buf); } /* finally, actually set the time */ if (setclock) { struct tlsdate_time server_time; clock_init_time(&server_time, server_time_s + (rt_time_ms / 2 / 1000), (rt_time_ms / 2) % 1000); // We should never receive a time that is before the time we were last // compiled; we subscribe to the linear theory of time for this program // and this program alone! if (CLOCK_SEC(&server_time) >= MAX_REASONABLE_TIME) die("remote server is a false ticker from the future!\n"); if (CLOCK_SEC(&server_time) <= RECENT_COMPILE_DATE) die ("remote server is a false ticker!\n"); if (0 != clock_set_real_time(&server_time)) die ("setting time failed: %s (Difference from server is about %d)\n", strerror (errno), CLOCK_SEC(&start_time) - server_time_s); verb ("V: setting time succeeded\n"); } return 0; } tlsdate-0.0.7/src/tlsdate-helper.h000066400000000000000000000066551230412117200170400ustar00rootroot00000000000000/* Copyright (c) 2012, Jacob Appelbaum * Copyright (c) 2012, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** * \file tlsdate-helper.h * \brief The secondary header for our clock helper. **/ #ifndef TLSDATEHELPER_H #define TLSDATEHELPER_H #include #include #include #include #ifdef TARGET_OS_HAIKU #include #include #endif #include #include #include #include #include #include #include #include #include #include #include #ifndef USE_POLARSSL #include #include #include #include #include #include #include #endif int verbose; int verbose_debug; #include "src/util.h" /** Name of user that we feel safe to run SSL handshake with. */ #ifndef UNPRIV_USER #define UNPRIV_USER "nobody" #endif #ifndef UNPRIV_GROUP #define UNPRIV_GROUP "nogroup" #endif // We should never accept a time before we were compiled // We measure in seconds since the epoch - eg: echo `date '+%s'` // We set this manually to ensure others can reproduce a build; // automation of this will make every build different! #ifndef RECENT_COMPILE_DATE #define RECENT_COMPILE_DATE (uint32_t) 1342323666 #endif #ifndef MAX_REASONABLE_TIME #define MAX_REASONABLE_TIME (uint32_t) 1999991337 #endif #ifndef MIN_PUB_KEY_LEN #define MIN_PUB_KEY_LEN (uint32_t) 1023 #endif #ifndef MIN_ECC_PUB_KEY_LEN #define MIN_ECC_PUB_KEY_LEN (uint32_t) 160 #endif #ifndef MAX_ECC_PUB_KEY_LEN #define MAX_ECC_PUB_KEY_LEN (uint32_t) 521 #endif // After the duration of the TLS handshake exceeds this threshold // (in msec), a warning is printed. #define TLS_RTT_THRESHOLD 2000 // RFC 5280 says... // ub-common-name-length INTEGER ::= 64 #define MAX_CN_NAME_LENGTH 64 // RFC 1034 and posix say... #define TLSDATE_HOST_NAME_MAX 255 // To support our RFC 2595 wildcard verification #define RFC2595_MIN_LABEL_COUNT 3 // Define a max length for the HTTP Date: header #define MAX_DATE_LINE_LEN 32 // Define a max length for HTTP headers #define MAX_HTTP_HEADERS_SIZE 8192 // Define our basic HTTP request #define HTTP_REQUEST \ "HEAD / HTTP/1.1\r\n" \ "User-Agent: %s\r\n" \ "Host: %s\r\n" \ "\r\n" static int ca_racket; static const char *host; static const char *hostname_to_verify; static const char *port; static const char *protocol; static char *proxy; static const char *ca_cert_container; #ifndef USE_POLARSSL void openssl_time_callback (const SSL* ssl, int where, int ret); uint32_t get_certificate_keybits (EVP_PKEY *public_key); uint32_t check_cn (SSL *ssl, const char *hostname); uint32_t check_san (SSL *ssl, const char *hostname); long openssl_check_against_host_and_verify (SSL *ssl); uint32_t check_name (SSL *ssl, const char *hostname); uint32_t verify_signature (SSL *ssl, const char *hostname); void check_key_length (SSL *ssl); void inspect_key (SSL *ssl, const char *hostname); void check_key_length (SSL *ssl); void inspect_key (SSL *ssl, const char *hostname); #endif uint32_t dns_label_count (char *label, char *delim); uint32_t check_wildcard_match_rfc2595 (const char *orig_hostname, const char *orig_cert_wild_card); static void run_ssl (uint32_t *time_map, int time_is_an_illusion, int http); #endif tlsdate-0.0.7/src/tlsdate.c000066400000000000000000000153531230412117200155510ustar00rootroot00000000000000/* Copyright (c) 2012, Jacob Appelbaum. * Copyright (c) 2012, The Tor Project, Inc. * Copyright (c) 2012, Christian Grothoff. */ /* See LICENSE for licensing information */ /* This file contains the license for tlsdate, a free software project to set your system clock securely. It also lists the licenses for other components used by tlsdate. For more information about tlsdate, see https://github.com/ioerror/tlsdate If you got this file as a part of a larger bundle, there may be other license terms that you should be aware of. =============================================================================== tlsdate is distributed under this license: Copyright (c) 2011-2012, Jacob Appelbaum Copyright (c) 2011-2012, The Tor Project, Inc. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the names of the copyright owners nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. =============================================================================== If you got tlsdate as a static binary with OpenSSL included, then you should know: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)" =============================================================================== */ /** * \file tlsdate.c * \brief The main program to assist in setting the system clock. **/ /* * tlsdate is a tool for setting the system clock by hand or by communication * with the network. It does not set the RTC. It is designed to be as secure as * TLS (RFC 2246) but of course the security of TLS is often reduced to * whichever CA racket you believe is trustworthy. By default, tlsdate trusts * your local CA root store - so any of these companies could assist in a MITM * attack against you and you'd be screwed. * This tool is designed to be run by hand or as a system daemon. It must be * run as root or otherwise have the proper caps; it will not be able to set * the system time without running as root or another privileged user. */ #include "config.h" #include "src/tlsdate.h" /** Return the proper commandline switches when the user needs information. */ static void usage(void) { fprintf(stderr, "tlsdate usage:\n" " [-h|--help]\n" " [-s|--skip-verification]\n" " [-n|--dont-set-clock]\n" " [-H|--host] [hostname|ip]\n" " [-p|--port] [port number]\n" " [-P|--protocol] [sslv23|sslv3|tlsv1]\n" " [-C|--certcontainer] [dirname|filename]\n" " [-v|--verbose]\n" " [-V|--showtime] [human|raw]\n" " [-t|--timewarp]\n" " [-l|--leap]\n" " [-x|--proxy] [url]\n" " [-w|--http]\n"); } int main(int argc, char **argv) { int verbose; int ca_racket; int showtime; int setclock; const char *host; const char *port; const char *protocol; const char *ca_cert_container; int timewarp; int leap; const char *proxy; int http; host = DEFAULT_HOST; port = DEFAULT_PORT; protocol = DEFAULT_PROTOCOL; ca_cert_container = DEFAULT_CERTFILE; verbose = 0; ca_racket = 1; showtime = 0; setclock = 1; timewarp = 0; leap = 0; proxy = NULL; http = 0; while (1) { int option_index = 0; int c; static struct option long_options[] = { {"verbose", 0, 0, 'v'}, {"showtime", 2, 0, 'V'}, {"skip-verification", 0, 0, 's'}, {"help", 0, 0, 'h'}, {"host", 0, 0, 'H'}, {"port", 0, 0, 'p'}, {"protocol", 0, 0, 'P'}, {"dont-set-clock", 0, 0, 'n'}, {"certcontainer", 0, 0, 'C'}, {"timewarp", 0, 0, 't'}, {"leap", 0, 0, 'l'}, {"proxy", 0, 0, 'x'}, {"http", 0, 0, 'w'}, {0, 0, 0, 0} }; c = getopt_long(argc, argv, "vV::shH:p:P:nC:tlx:w", long_options, &option_index); if (c == -1) break; switch (c) { case 'v': verbose += 1; break; case 'V': showtime = (optarg && 0 == strcmp("raw", optarg) ? 2:1); break; case 's': ca_racket = 0; break; case 'h': usage(); exit(1); break; case 'H': host = optarg; break; case 'p': port = optarg; break; case 'P': protocol = optarg; break; case 'n': setclock = 0; break; case 'C': ca_cert_container = optarg; break; case 't': timewarp = 1; break; case 'l': leap = 1; break; case 'x': proxy = optarg; break; case 'w': http = 1; break; case '?': break; default : fprintf(stderr, "Unknown option!\n"); usage(); exit(1); } } if (2 == verbose) { fprintf(stderr, "V: tlsdate version %s\n" "V: We were called with the following arguments:\n" "V: %s host = %s:%s\n", PACKAGE_VERSION, ca_racket ? "validate SSL certificates" : "disable SSL certificate check", host, port); if (0 == ca_racket) fprintf(stderr, "WARNING: Skipping certificate verification!\n"); } execlp (TLSDATE_HELPER, "tlsdate", host, port, protocol, (ca_racket ? "racket" : "unchecked"), (verbose ? (verbose >= 2 ? "debug" : "verbose") : "quiet"), ca_cert_container, (setclock ? "setclock" : "dont-set-clock"), (showtime ? (showtime == 2 ? "showtime=raw" : "showtime") : "no-showtime"), (timewarp ? "timewarp" : "no-fun"), (leap ? "leapaway" : "holdfast"), (proxy ? proxy : "none"), (http ? "http" : "tls"), NULL); perror("Failed to run tlsdate-helper"); return 1; } tlsdate-0.0.7/src/tlsdate.h000066400000000000000000000052511230412117200155520ustar00rootroot00000000000000/* Copyright (c) 2013, Jacob Appelbaum * Copyright (c) 2012, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** * \file tlsdate.h * \brief The main header for our clock helper. **/ #ifndef TLSDATE_H #define TLSDATE_H #include "src/configmake.h" #include #include #include #include #include #include #include #include #define DEFAULT_HOST "www.ptb.de" #define DEFAULT_PORT "443" #define DEFAULT_PROXY "none" #define DEFAULT_PROTOCOL "tlsv1" #define DEFAULT_CERTDIR "/etc/ssl/certs" #define DEFAULT_CERTFILE TLSDATE_CERTFILE #define DEFAULT_DAEMON_CACHEDIR "/var/cache/tlsdated" #define DEFAULT_DAEMON_TMPSUFFIX ".new" #define DEFAULT_TLSDATE TLSDATE #define DEFAULT_RTC_DEVICE "/dev/rtc" #define DEFAULT_CONF_FILE TLSDATE_CONF_DIR "tlsdated.conf" /* tlsdated magic numbers */ #define MAX_TRIES 10 #define WAIT_BETWEEN_TRIES 10 #define SUBPROCESS_TIMEOUT 30 #define STEADY_STATE_INTERVAL 86400 #define DEFAULT_SYNC_HWCLOCK 1 #define DEFAULT_LOAD_FROM_DISK 1 #define DEFAULT_SAVE_TO_DISK 1 #define DEFAULT_USE_NETLINK 1 #define DEFAULT_DRY_RUN 0 #define MAX_SANE_BACKOFF 600 /* exponential backoff should only go this far */ #ifndef TLSDATED_MAX_DATE #define TLSDATED_MAX_DATE 1999991337 /* this'll be a great bug some day */ #endif #define TEST_HOST 'w', 'w', 'w', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', \ 'c', 'o', 'm' #define TEST_HOST_SIZE 14 static const char kTestHost[] = { TEST_HOST, 0 }; #define TEST_PORT 80 /** The current version of tlsdate. */ #define tlsdate_version VERSION struct source { struct source *next; char *host; char *port; char *proxy; }; struct opts { int max_tries; int min_steady_state_interval; int wait_between_tries; int subprocess_timeout; int steady_state_interval; const char *base_path; char **base_argv; char **argv; int should_sync_hwclock; int should_load_disk; int should_save_disk; int should_netlink; int dry_run; int jitter; char *conf_file; struct source *sources; struct source *cur_source; char *proxy; int leap; }; char timestamp_path[PATH_MAX]; void sync_hwclock (void *rtc_handle); int is_sane_time (time_t ts); int load_disk_timestamp (const char *path, time_t * t); void save_disk_timestamp (const char *path, time_t t); int add_jitter (int base, int jitter); int tlsdate (struct opts *opts, char *argv[]); /** This is where we store parsed commandline options. */ typedef struct { int verbose; int verbose_debug; int ca_racket; int help; int showtime; int setclock; time_t manual_time; char *host; char *port; char *protocol; } tlsdate_options_t; #endif /* TLSDATE_H */ tlsdate-0.0.7/src/tlsdated-unittest.c000066400000000000000000000161201230412117200175630ustar00rootroot00000000000000/* * tlsdated-unittest.c - tlsdated unit tests * Copyright (c) 2012 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #include "config.h" #include "src/test_harness.h" #include "src/tlsdate.h" #include "src/util.h" #include #include #include #include #include FIXTURE(tempdir) { char path[PATH_MAX]; }; FIXTURE_SETUP(tempdir) { char *p; strncpy(self->path, "/tmp/tlsdated-unit-XXXXXX", sizeof(self->path)); p = mkdtemp(self->path); ASSERT_NE(NULL, p); } FIXTURE_TEARDOWN(tempdir) { char buf[256]; snprintf(buf, sizeof(buf), "%s/load", self->path); unlink(buf); snprintf(buf, sizeof(buf), "%s/save", self->path); unlink(buf); ASSERT_EQ(0, rmdir(self->path)); } int write_time(const char *path, time_t time) { int fd = open(path, O_WRONLY | O_TRUNC | O_CREAT, 0600); if (fd == -1) return 1; if (write(fd, &time, sizeof(time)) != sizeof(time)) { close(fd); return 1; } return close(fd); } int read_time(const char *path, time_t* time) { int fd = open(path, O_RDONLY); if (fd == -1) return 1; if (read(fd, time, sizeof(*time)) != sizeof(*time)) { close(fd); return 1; } return close(fd); } TEST(sane_time) { ASSERT_EQ(0, is_sane_time(0)); ASSERT_EQ(0, is_sane_time(INT_MAX)); } TEST(sane_host_time) { ASSERT_EQ(1, is_sane_time(time(NULL))); } TEST_F(tempdir, load_time) { char buf[PATH_MAX]; time_t tm = 3; time_t now = time(NULL); snprintf(buf, sizeof(buf), "%s/load", self->path); ASSERT_EQ(0, write_time(buf, 0)); ASSERT_EQ(-1, load_disk_timestamp(buf, &tm)); ASSERT_EQ(3, tm); ASSERT_EQ(0, write_time(buf, INT_MAX)); ASSERT_EQ(-1, load_disk_timestamp(buf, &tm)); ASSERT_EQ(3, tm); ASSERT_EQ(0, write_time(buf, now)); ASSERT_EQ(0, truncate(buf, 2)); ASSERT_EQ(-1, load_disk_timestamp(buf, &tm)); ASSERT_EQ(3, tm); ASSERT_EQ(0, unlink(buf)); ASSERT_EQ(-1, load_disk_timestamp(buf, &tm)); ASSERT_EQ(3, tm); ASSERT_EQ(0, write_time(buf, now)); ASSERT_EQ(0, load_disk_timestamp(buf, &tm)); ASSERT_EQ(now, tm); } TEST_F(tempdir, save_time) { char buf[PATH_MAX]; time_t now = time(NULL); time_t tm; snprintf(buf, sizeof(buf), "%s/save", self->path); save_disk_timestamp(buf, now); ASSERT_EQ(0, read_time(buf, &tm)); EXPECT_EQ(now, tm); } TEST(tlsdate_tests) { struct source source = { .next = NULL, .host = "", .port = "", .proxy = "" }; char *args[] = { "/nonexistent", NULL, NULL }; struct opts opts; memset(&opts, 0, sizeof(opts)); opts.sources = &source; opts.base_argv = args; opts.subprocess_timeout = 1; extern char **environ; EXPECT_EQ(1, tlsdate(&opts, environ)); args[0] = "/bin/false"; EXPECT_EQ(1, tlsdate(&opts, environ)); args[0] = "/bin/true"; EXPECT_EQ(0, tlsdate(&opts, environ)); args[0] = "src/test/sleep-wrap"; args[1] = "3"; EXPECT_EQ(-1, tlsdate(&opts, environ)); opts.subprocess_timeout = 5; EXPECT_EQ(0, tlsdate(&opts, environ)); } TEST(jitter) { int i = 0; int r; const int kBase = 100; const int kJitter = 25; int nonequal = 0; for (i = 0; i < 1000; i++) { r = add_jitter(kBase, kJitter); EXPECT_GE(r, kBase - kJitter); EXPECT_LE(r, kBase + kJitter); if (r != kBase) nonequal++; } EXPECT_NE(nonequal, 0); } TEST(rotate_hosts) { struct source s2 = { .next = NULL, .host = "host2", .port = "port2", .proxy = "proxy2" }; struct source s1 = { .next = &s2, .host = "host1", .port = "port1", .proxy = "proxy1" }; struct opts opts; char *args[] = { "src/test/rotate", NULL }; memset(&opts, 0, sizeof(opts)); opts.sources = &s1; opts.base_argv = args; opts.subprocess_timeout = 2; extern char **environ; EXPECT_EQ(1, tlsdate(&opts, environ)); EXPECT_EQ(2, tlsdate(&opts, environ)); EXPECT_EQ(1, tlsdate(&opts, environ)); EXPECT_EQ(2, tlsdate(&opts, environ)); } TEST(proxy_override) { struct source s1 = { .next = NULL, .host = "host", .port = "port", .proxy = NULL, }; struct opts opts; char *args[] = { "src/test/proxy-override", NULL }; memset(&opts, 0, sizeof(opts)); opts.sources = &s1; opts.base_argv = args; opts.subprocess_timeout = 2; extern char **environ; EXPECT_EQ(1, tlsdate(&opts, environ)); s1.proxy = "socks5://bad.proxy"; EXPECT_EQ(2, tlsdate(&opts, environ)); opts.proxy = "socks5://good.proxy"; EXPECT_EQ(0, tlsdate(&opts, environ)); } FIXTURE(mock_platform) { struct platform platform; struct platform *old_platform; }; FIXTURE_SETUP(mock_platform) { self->old_platform = platform; self->platform.rtc_open = NULL; self->platform.rtc_write = NULL; self->platform.rtc_read = NULL; self->platform.rtc_close = NULL; platform = &self->platform; } FIXTURE_TEARDOWN(mock_platform) { platform = self->old_platform; } TEST(tlsdate_args) { struct source s1 = { .next = NULL, .host = "host", .port = "port", .proxy = "proxy", }; struct opts opts; char *args[] = { "src/test/return-argc", NULL }; memset(&opts, 0, sizeof(opts)); opts.sources = &s1; opts.base_argv = args; opts.subprocess_timeout = 2; opts.leap = 1; verbose = 1; EXPECT_EQ(9, tlsdate(&opts, environ)); } /* * The stuff below this line is ugly. For a lot of these mock functions, we want * to smuggle some state (our success) back to the caller, but there's no angle * for that, so we're basically stuck with some static variables to store * expectations and successes/failures. This could also be done with nested * functions, but only gcc supports them. */ static const time_t sync_hwclock_expected = 12345678; static int sync_hwclock_time_get(struct timeval *tv) { tv->tv_sec = sync_hwclock_expected; tv->tv_usec = 0; return 0; } static int sync_hwclock_rtc_write(void *handle, const struct timeval *tv) { *(int *)handle = tv->tv_sec == sync_hwclock_expected; return 0; } TEST_F(mock_platform, sync_hwclock) { int ok = 0; void *fake_handle = (void *)&ok; self->platform.time_get = sync_hwclock_time_get; self->platform.rtc_write = sync_hwclock_rtc_write; sync_hwclock(fake_handle); ASSERT_EQ(ok, 1); } static const time_t sync_and_save_expected = 12345678; static int sync_and_save_time_get(struct timeval *tv) { tv->tv_sec = sync_and_save_expected; tv->tv_usec = 0; return 0; } static int sync_and_save_rtc_write(void *handle, const struct timeval *tv) { *(int *)handle += tv->tv_sec == sync_and_save_expected; return 0; } static int sync_and_save_file_write_ok = 0; static int sync_and_save_file_write(const char *path, void *buf, size_t sz) { if (!strcmp(path, timestamp_path)) sync_and_save_file_write_ok++; return 0; } TEST_F(mock_platform, sync_and_save) { int nosave_ok = 0; self->platform.time_get = sync_and_save_time_get; self->platform.rtc_write = sync_and_save_rtc_write; self->platform.file_write = sync_and_save_file_write; sync_and_save(&sync_and_save_file_write_ok, 1); ASSERT_EQ(sync_and_save_file_write_ok, 2); sync_and_save(&nosave_ok, 0); ASSERT_EQ(nosave_ok, 1); } TEST_HARNESS_MAIN tlsdate-0.0.7/src/tlsdated.c000066400000000000000000000471771230412117200157260ustar00rootroot00000000000000/* * tlsdated.c - invoke tlsdate when necessary. * Copyright (c) 2012 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. * * We invoke tlsdate once at system startup, then we start trying to invoke * tlsdate when a new network route appears. We try a few times after each route * comes up. As soon as we get a successful tlsdate run, we save that timestamp * to disk, then linger to wait for system shutdown. At system shutdown * (indicated by us getting SIGTERM), we save our timestamp to disk. */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef USE_POLARSSL #include #include #else #include #endif #include "src/conf.h" #include "src/event.h" #include "src/routeup.h" #include "src/util.h" #include "src/tlsdate.h" const char *kCacheDir = DEFAULT_DAEMON_CACHEDIR; int is_sane_time (time_t ts) { return ts > RECENT_COMPILE_DATE && ts < TLSDATED_MAX_DATE; } void build_argv(struct opts *opts) { int argc; char **new_argv; assert(opts->sources); /* choose the next source in the list; if we're at the end, start over. */ if (!opts->cur_source || !opts->cur_source->next) opts->cur_source = opts->sources; else opts->cur_source = opts->cur_source->next; if (opts->argv) { free(opts->argv); opts->argv = NULL; } for (argc = 0; opts->base_argv[argc]; argc++) ; argc++; /* uncounted null terminator */ argc += 8; /* -H host -p port -x proxy -v -l */ new_argv = malloc (argc * sizeof(char *)); if (!new_argv) fatal ("out of memory building argv"); for (argc = 0; opts->base_argv[argc]; argc++) new_argv[argc] = opts->base_argv[argc]; new_argv[argc++] = (char *) "-H"; new_argv[argc++] = opts->cur_source->host; new_argv[argc++] = (char *) "-p"; new_argv[argc++] = opts->cur_source->port; if (opts->cur_source->proxy || opts->proxy) { new_argv[argc++] = (char *) "-x"; new_argv[argc++] = opts->proxy ? opts->proxy : opts->cur_source->proxy; } if (verbose) new_argv[argc++] = "-v"; if (opts->leap) new_argv[argc++] = "-l"; new_argv[argc++] = NULL; opts->argv = new_argv; } /* * Run tlsdate in a child process. We fork it off, then wait a specified time * for it to exit; if it hasn't exited by then, we kill it and log a baffled * message. We return tlsdate's exit code if tlsdate exits normally, and a * negative value if we can't launch it or it exits uncleanly, so this function * returns 0 for success and nonzero for failure, with >0 being a tlsdate exit * code and <0 being an exec/fork/wait error. */ int tlsdate (struct opts *opts, char *envp[]) { pid_t pid; pid_t exited; int status; build_argv(opts); pid = fork(); if (pid < 0) { pinfo("fork() failed"); return -1; } else if (pid == 0) { execve(opts->argv[0], opts->argv, envp); pinfo("execve() failed"); exit(1); } exited = wait_with_timeout(&status, opts->subprocess_timeout); info("child %d exited with %d", exited, status); if (exited == -ETIMEDOUT) { kill(pid, SIGKILL); wait(&status); return -1; } return WIFEXITED(status) ? WEXITSTATUS(status) : -1; } /* * Load a time value out of the file named by path. Returns 0 if successful, * -1 if not. The file contains the time in seconds since epoch in host byte * order. */ int load_disk_timestamp (const char *path, time_t * t) { time_t tmpt; if (platform->file_read(path, &tmpt, sizeof(tmpt))) { info("can't load time file"); return -1; } if (!is_sane_time(tmpt)) { info("time %lu not sane", tmpt); return -1; } *t = tmpt; return 0; } /* Save a time value to the file named by path. */ void save_disk_timestamp (const char *path, time_t t) { if (platform->file_write(path, &t, sizeof(t))) info("saving disk timestamp failed"); } /* * Set the hardware clock referred to by fd (which should be a descriptor to * some device that implements the interface documented in rtc(4)) to the system * time. See hwclock(8) for details of why this is important. If we fail, we * just return - there's nothing the caller can really do about a failure of * this function except try later. */ void sync_hwclock (void *rtc_handle) { struct timeval tv; if (platform->time_get(&tv)) { pinfo("gettimeofday() failed"); return; } if (platform->rtc_write(rtc_handle, &tv)) info("rtc_write() failed"); } /* * Wait for a single event to happen. If should_netlink is true, we ask the * supplied routeup context to wait for an event; otherwise, we wait for a byte * of input on stdin. Semantics (for return value) are the same as for * routeup_once(). */ int wait_for_event (struct routeup *rtc, int should_netlink, int timeout) { char buf[1]; fd_set fds; struct timeval tv; int r; if (should_netlink) return routeup_once (rtc, timeout); tv.tv_sec = timeout; tv.tv_usec = 0; FD_ZERO (&fds); FD_SET (STDIN_FILENO, &fds); r = select (STDIN_FILENO + 1, &fds, NULL, NULL, &tv); if (r > 0) return read (STDIN_FILENO, buf, sizeof (buf)) != 1; return r == 0 ? 1 : -1; } char timestamp_path[PATH_MAX]; void sync_and_save (void *hwclock_handle, int should_save) { struct timeval tv; if (hwclock_handle) sync_hwclock (hwclock_handle); if (should_save) { if (platform->time_get(&tv)) pfatal ("gettimeofday() failed"); save_disk_timestamp (timestamp_path, tv.tv_sec); } } #ifdef USE_POLARSSL static int random_init = 0; static entropy_context entropy; static ctr_drbg_context ctr_drbg; static char *pers = "tlsdated"; #endif int add_jitter (int base, int jitter) { int n = 0; if (!jitter) return base; #ifdef USE_POLARSSL if (0 == random_init) { entropy_init(&entropy); if (0 > ctr_drbg_init(&ctr_drbg, entropy_func, &entropy, (unsigned char *) pers, strlen(pers))) { pfatal ("Failed to initialize random source"); } random_init = 1; } if (0 != ctr_drbg_random(&ctr_drbg, (unsigned char *)&n, sizeof(n))) fatal ("ctr_drbg_random() failed"); #else if (RAND_bytes((unsigned char *)&n, sizeof(n)) != 1) fatal ("RAND_bytes() failed"); #endif return base + (abs(n) % (2 * jitter)) - jitter; } int calc_wait_time (const struct opts *opts) { return add_jitter (opts->steady_state_interval, opts->jitter); } #ifdef TLSDATED_MAIN #ifdef HAVE_DBUS void dbus_announce (void) { char *argv[] = { TLSDATE_DBUS_ANNOUNCE, NULL }; pid_t pid = fork(); if (!pid) { drop_privs_to (DBUS_USER, DBUS_GROUP); pid = fork(); if (!pid) exit(execve(argv[0], argv, NULL)); else exit(pid < 0); } else if (pid > 0) { wait(NULL); } } #else void dbus_announce(void) { } #endif void sigterm_handler (int _unused) { struct timeval tv; platform->pgrp_kill(); if (gettimeofday (&tv, NULL)) /* can't use stdio or syslog inside a sig handler */ exit (2); save_disk_timestamp (timestamp_path, tv.tv_sec); exit (0); } void sigterm_handler_nosave (int _unused) { platform->pgrp_kill(); exit(0); } void usage (const char *progn) { printf ("Usage: %s [flags...] [--] [tlsdate command...]\n", progn); printf (" -w don't set hwclock\n"); printf (" -p dry run (don't really set time)\n"); printf (" -r use stdin instead of netlink for routes\n"); printf (" -t try n times when a new route appears\n"); printf (" -d delay n seconds between tries\n"); printf (" -T give subprocess n chances to exit\n"); printf (" -D delay n seconds between wait attempts\n"); printf (" -c set the cache directory\n"); printf (" -a run at most every n seconds in steady state\n"); printf (" -m run at most once every n seconds in steady state\n"); printf (" -j add up to n seconds jitter to steady state checks\n"); printf (" -l don't load disk timestamps\n"); printf (" -s don't save disk timestamps\n"); printf (" -v be verbose\n"); printf (" -x set proxy for subprocs to h\n"); printf (" -h this\n"); } void set_conf_defaults(struct opts *opts) { static char *kDefaultArgv[] = { (char *) DEFAULT_TLSDATE, (char *) "-H", (char *) DEFAULT_HOST, NULL }; opts->max_tries = MAX_TRIES; opts->min_steady_state_interval = STEADY_STATE_INTERVAL; opts->wait_between_tries = WAIT_BETWEEN_TRIES; opts->subprocess_timeout = SUBPROCESS_TIMEOUT; opts->steady_state_interval = STEADY_STATE_INTERVAL; opts->base_path = kCacheDir; opts->base_argv = kDefaultArgv; opts->argv = NULL; opts->should_sync_hwclock = DEFAULT_SYNC_HWCLOCK; opts->should_load_disk = DEFAULT_LOAD_FROM_DISK; opts->should_save_disk = DEFAULT_SAVE_TO_DISK; opts->should_netlink = DEFAULT_USE_NETLINK; opts->dry_run = DEFAULT_DRY_RUN; opts->jitter = 0; opts->conf_file = NULL; opts->sources = NULL; opts->cur_source = NULL; opts->proxy = NULL; opts->leap = 0; } void parse_argv(struct opts *opts, int argc, char *argv[]) { int opt; while ((opt = getopt (argc, argv, "hwrpt:d:c:a:lsvm:j:f:x:")) != -1) { switch (opt) { case 'w': opts->should_sync_hwclock = 0; break; case 'r': opts->should_netlink = 0; break; case 'p': opts->dry_run = 1; break; case 't': opts->max_tries = atoi (optarg); break; case 'd': opts->wait_between_tries = atoi (optarg); break; case 'c': opts->base_path = optarg; break; case 'a': opts->steady_state_interval = atoi (optarg); break; case 'l': opts->should_load_disk = 0; break; case 's': opts->should_save_disk = 0; break; case 'v': verbose = 1; break; case 'm': opts->min_steady_state_interval = atoi (optarg); break; case 'j': opts->jitter = atoi (optarg); break; case 'f': opts->conf_file = optarg; break; case 'x': opts->proxy = optarg; break; case 'h': default: usage (argv[0]); exit (1); } } if (optind < argc) opts->base_argv = argv + optind; /* Validate arguments */ } static void add_source_to_conf(struct opts *opts, char *host, char *port, char *proxy) { struct source *s; struct source *source = (struct source *) malloc (sizeof *source); if (!source) fatal ("out of memory for source"); source->host = strdup (host); if (!source->host) fatal ("out of memory for host"); source->port = strdup (port); if (!source->port) fatal ("out of memory for port"); if (proxy) { source->proxy = strdup (proxy); if (!source->proxy) fatal ("out of memory for proxy"); } if (!opts->sources) { opts->sources = source; } else { for (s = opts->sources; s->next; s = s->next) ; s->next = source; } } static struct conf_entry * parse_source(struct opts *opts, struct conf_entry *conf) { char *host = NULL; char *port = NULL; char *proxy = NULL; /* a source entry: * source * host * port * [proxy ] * end */ assert(!strcmp(conf->key, "source")); conf = conf->next; while (conf && strcmp(conf->key, "end")) { if (!strcmp(conf->key, "host")) host = conf->value; else if (!strcmp(conf->key, "port")) port = conf->value; else if (!strcmp(conf->key, "proxy")) proxy = conf->value; else fatal ("malformed config: '%s' in source stanza", conf->key); conf = conf->next; } if (!conf) fatal ("unclosed source stanza"); if (!host || !port) fatal ("incomplete source stanza (needs host, port)"); add_source_to_conf(opts, host, port, proxy); return conf; } void load_conf(struct opts *opts) { FILE *f; struct conf_entry *conf, *e; char *conf_file = opts->conf_file; if (!opts->conf_file) conf_file = (char *) DEFAULT_CONF_FILE; f = fopen (conf_file, "r"); if (!f) { if (opts->conf_file) { pfatal ("can't open conf file '%s'", opts->conf_file); } else { pinfo ("can't open conf file '%s'", conf_file); return; } } conf = conf_parse (f); if (!conf) pfatal ("can't parse config file"); for (e = conf; e; e = e->next) { if (!strcmp (e->key, "max-tries") && e->value) { opts->max_tries = atoi (e->value); } else if (!strcmp (e->key, "min-steady-state-interval") && e->value) { opts->min_steady_state_interval = atoi (e->value); } else if (!strcmp (e->key, "wait-between-tries") && e->value) { opts->wait_between_tries = atoi (e->value); } else if (!strcmp (e->key, "subprocess-timeout") && e->value) { opts->subprocess_timeout = atoi (e->value); } else if (!strcmp (e->key, "steady-state-interval") && e->value) { opts->steady_state_interval = atoi (e->value); } else if (!strcmp (e->key, "base-path") && e->value) { opts->base_path = strdup (e->value); if (!opts->base_path) fatal ("out of memory for base path"); } else if (!strcmp (e->key, "should-sync-hwclock")) { opts->should_sync_hwclock = e->value ? !strcmp(e->value, "yes") : 1; } else if (!strcmp (e->key, "should-load-disk")) { opts->should_load_disk = e->value ? !strcmp(e->value, "yes") : 1; } else if (!strcmp (e->key, "should-save-disk")) { opts->should_save_disk = e->value ? !strcmp(e->value, "yes") : 1; } else if (!strcmp (e->key, "should-netlink")) { opts->should_netlink = e->value ? !strcmp(e->value, "yes") : 1; } else if (!strcmp (e->key, "dry-run")) { opts->dry_run = e->value ? !strcmp(e->value, "yes") : 1; } else if (!strcmp (e->key, "jitter") && e->value) { opts->jitter = atoi (e->value); } else if (!strcmp (e->key, "verbose")) { verbose = e->value ? !strcmp(e->value, "yes") : 1; } else if (!strcmp (e->key, "source")) { e = parse_source(opts, e); } else if (!strcmp (e->key, "leap")) { opts->leap = e->value ? !strcmp(e->value, "yes") : 1; } } } void check_conf(struct opts *opts) { if (!opts->max_tries) fatal ("-t argument must be nonzero"); if (!opts->wait_between_tries) fatal ("-d argument must be nonzero"); if (!opts->subprocess_timeout) fatal ("subprocess timeout must be nonzero"); if (!opts->steady_state_interval) fatal ("-a argument must be nonzero"); if (snprintf (timestamp_path, sizeof (timestamp_path), "%s/timestamp", opts->base_path) >= sizeof (timestamp_path)) fatal ("supplied base path is too long: '%s'", opts->base_path); if (strlen (timestamp_path) + strlen (kTempSuffix) >= PATH_MAX) fatal ("supplied base path is too long: '%s'", opts->base_path); if (opts->jitter >= opts->steady_state_interval) fatal ("jitter must be less than steady state interval (%d >= %d)", opts->jitter, opts->steady_state_interval); } struct tlsdated_state { struct routeup rtc; time_t last_success; struct opts *opts; char *envp[]; }; static time_t now(void) { struct timeval tv; if (!platform->time_get(&tv)) return 0; return tv.tv_sec; } int tlsdate_retry(struct opts *opts, char *envp[]) { int backoff = opts->wait_between_tries; int i; for (i = 0; i < opts->max_tries; i++) { if (!tlsdate(opts, envp)) return 0; if (backoff < 1) fatal("backoff too small? %d", backoff); sleep(backoff); if (backoff < MAX_SANE_BACKOFF) backoff *= 2; } return 1; } int API main (int argc, char *argv[], char *envp[]) { void *hwclock_handle = NULL; time_t last_success = 0; struct opts opts; struct timeval tv = { 0, 0 }; int r; struct event *routeup = NULL; struct event *suspend = NULL; struct event *periodic = NULL; /* XXX */ struct event *composite = event_composite(); if (platform->pgrp_enter()) pfatal("pgrp_enter() failed"); suspend = event_suspend(); event_composite_add(composite, suspend); set_conf_defaults(&opts); parse_argv(&opts, argc, argv); check_conf(&opts); load_conf(&opts); check_conf(&opts); periodic = event_every(opts.steady_state_interval); event_composite_add(composite, periodic); info ("started up, loaded config file"); if (!opts.should_load_disk || load_disk_timestamp (timestamp_path, &tv.tv_sec)) info ("sysclock %lu, no cached time", time(NULL)); else info ("sysclock %lu, cached time %lu", time(NULL), tv.tv_sec); if (!opts.sources) add_source_to_conf(&opts, (char *) DEFAULT_HOST, (char *) DEFAULT_PORT, (char *) DEFAULT_PROXY); /* grab a handle to /dev/rtc for sync_hwclock() */ if (opts.should_sync_hwclock && !(hwclock_handle = platform->rtc_open())) pinfo ("can't open hwclock fd"); if (opts.should_netlink) routeup = event_routeup(); else routeup = event_fdread(STDIN_FILENO); event_composite_add(composite, routeup); if (!routeup) pfatal ("Can't open netlink socket"); if (!is_sane_time (time (NULL))) { /* * If the time is before the build timestamp, we're probably on * a system with a broken rtc. Try loading the timestamp off * disk. */ tv.tv_sec = RECENT_COMPILE_DATE; if (opts.should_load_disk && load_disk_timestamp (timestamp_path, &tv.tv_sec)) pinfo ("can't load disk timestamp"); if (!opts.dry_run && settimeofday (&tv, NULL)) pfatal ("settimeofday() failed"); dbus_announce(); /* * don't save here - we either just loaded this time or used the * default time, and neither of those are good to save */ sync_and_save (hwclock_handle, 0); } if (opts.should_save_disk) signal (SIGTERM, sigterm_handler); else signal (SIGTERM, sigterm_handler_nosave); /* * Try once right away. If we fail, wait for a route to appear, then try * for a while; repeat whenever another route appears. Try until we * succeed. */ if (!tlsdate (&opts, envp)) { last_success = time (NULL); sync_and_save (hwclock_handle, opts.should_save_disk); dbus_announce(); } /* * Loop until we catch a fatal signal or routeup_once() fails. We run * tlsdate at least once a day, but possibly as often as routes come up; * this should handle cases like a VPN being brought up and down * periodically. */ /* * The event loop. * When we start up, we may have no time fix at all; we'll call this "active * mode", where we are actively looking for opportunities to get a time fix. * Once we get a time fix, we go into "passive mode", where we're looking to * prevent clock drift or rtc corruption. The difference between these two * modes is whether we're aggressive about checking for time after network * routes come up. * * To do this, we create some event sources: * e0 = event_routeup() * e1 = event_suspend() * e2 = event_every(interval) * Then we create a couple of composite events: * active = event_anyof(3, e0, e1, e2) * Whenever our wait for an event returns, we start checking (i.e., running * tlsdate with exponential backoff until it succeeds). If checking succeeds * and we were in active state, we go to passive state; otherwise we return to * our previous state. */ while ((r = event_wait(composite))) { if (r < 0) { info("event_wait() failed: %d", r); continue; } if (now() - last_success < opts.min_steady_state_interval) { info("too soon"); continue; } if (!tlsdate_retry(&opts, envp)) { last_success = now(); info("tlsdate succeeded"); sync_and_save (hwclock_handle, opts.should_save_disk); dbus_announce(); } } info ("exiting"); platform->pgrp_kill(); return 1; } #endif /* !TLSDATED_MAIN */ tlsdate-0.0.7/src/util-plan9.c000066400000000000000000000050221230412117200160770ustar00rootroot00000000000000/* * util.c - routeup/tlsdated utility functions * Copyright (c) 2012 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #include "config.h" #include #include #include #include #include #if !_PLAN9_SOURCE #include #endif #include #include "src/util.h" /** helper function to print message and die */ void die (const char *fmt, ...) { va_list ap; va_start(ap, fmt); vfprintf(stderr, fmt, ap); va_end(ap); exit(1); } /** helper function for 'verbose' output */ void verb (const char *fmt, ...) { va_list ap; if (! verbose) return; va_start(ap, fmt); vfprintf(stderr, fmt, ap); va_end(ap); } #if !_PLAN9_SOURCE void API logat(int isverbose, const char *fmt, ...) { if (isverbose && !verbose) return; va_list ap; va_start(ap, fmt); vfprintf(stderr, fmt, ap); fprintf(stderr, "\n"); va_end(ap); va_start(ap, fmt); vsyslog(LOG_INFO, fmt, ap); va_end(ap); } #endif void drop_privs_to (const char *user, const char *group) { #if !_PLAN9_SOURCE uid_t uid; gid_t gid; struct passwd *pw; struct group *gr; if (0 != getuid ()) return; /* not running as root to begin with; should (!) be harmless to continue without dropping to 'nobody' (setting time will fail in the end) */ pw = getpwnam(user); gr = getgrnam(group); if (NULL == pw) die ("Failed to obtain UID for `%s'\n", user); if (NULL == gr) die ("Failed to obtain GID for `%s'\n", group); uid = pw->pw_uid; if (0 == uid) die ("UID for `%s' is 0, refusing to run SSL\n", user); gid = pw->pw_gid; if (0 == gid || 0 == gr->gr_gid) die ("GID for `%s' is 0, refusing to run SSL\n", user); if (pw->pw_gid != gr->gr_gid) die ("GID for `%s' is not `%s' as expected, refusing to run SSL\n", user, group); if (0 != initgroups((const char *)user, gr->gr_gid)) die ("Unable to initgroups for `%s' in group `%s' as expected\n", user, group); #ifdef HAVE_SETRESGID if (0 != setresgid (gid, gid, gid)) die ("Failed to setresgid: %s\n", strerror (errno)); #else if (0 != (setgid (gid) | setegid (gid))) die ("Failed to setgid: %s\n", strerror (errno)); #endif #ifdef HAVE_SETRESUID if (0 != setresuid (uid, uid, uid)) die ("Failed to setresuid: %s\n", strerror (errno)); #else if (0 != (setuid (uid) | seteuid (uid))) die ("Failed to setuid: %s\n", strerror (errno)); #endif #endif /* !_PLAN9_SOURCE */ } tlsdate-0.0.7/src/util-plan9.h000066400000000000000000000022411230412117200161040ustar00rootroot00000000000000/* * util.h - routeup/tlsdated utility functions * Copyright (c) 2012 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #ifndef UTIL_H #define UTIL_H #include #include #include #if _PLAN9_SOURCE #define API #else #define API __attribute__((visibility("default"))) #endif extern int verbose; extern int verbose_debug; void die (const char *fmt, ...); void verb (const char *fmt, ...); extern void logat(int isverbose, const char *fmt, ...); #define info(fmt, ...) logat(1, fmt, ## __VA_ARGS__) #define pinfo(fmt, ...) logat(1, fmt ": %s", ## __VA_ARGS__, strerror(errno)) #define error(fmt, ...) logat(0, fmt, ## __VA_ARGS__) #define perror(fmt, ...) logat(0, fmt ": %s", ## __VA_ARGS__, strerror(errno)) #define fatal(fmt, ...) do { logat(0, fmt, ## __VA_ARGS__); exit(1); } while (0) #define pfatal(fmt, ...) do { \ logat(0, fmt ": %s", ## __VA_ARGS__, strerror(errno)); \ exit(1); \ } while (0) static inline int min(int x, int y) { return x < y ? x : y; } void drop_privs_to (const char *user, const char *group); #endif /* !UTIL_H */ tlsdate-0.0.7/src/util.c000066400000000000000000000154721230412117200150700ustar00rootroot00000000000000/* * util.c - routeup/tlsdated utility functions * Copyright (c) 2012 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #include "config.h" #include "tlsdate.h" #include #include #include #ifdef HAVE_LINUX_RTC_H #include #endif #include #include #include #include #include #include #include #include #include #include #include #include #include #include "src/util.h" #if defined(HAVE_STRUCT_RTC_TIME) && defined(RTC_SET_TIME) && defined(RTC_RD_TIME) #define ENABLE_RTC #endif const char *kTempSuffix = DEFAULT_DAEMON_TMPSUFFIX; /** helper function to print message and die */ void die (const char *fmt, ...) { va_list ap; va_start(ap, fmt); vfprintf(stderr, fmt, ap); va_end(ap); exit(1); } /** helper function for 'verbose' output */ void verb (const char *fmt, ...) { va_list ap; if (! verbose ) return; va_start(ap, fmt); vfprintf(stderr, fmt, ap); va_end(ap); } /** helper function for 'verbose' output */ void verb_debug (const char *fmt, ...) { va_list ap; if (! verbose ) return; if (! verbose_debug ) return; va_start(ap, fmt); vfprintf(stderr, fmt, ap); va_end(ap); } void API logat(int isverbose, const char *fmt, ...) { if (isverbose && !verbose) return; va_list ap; va_start(ap, fmt); vfprintf(stderr, fmt, ap); fprintf(stderr, "\n"); va_end(ap); va_start(ap, fmt); vsyslog(LOG_INFO, fmt, ap); va_end(ap); } void drop_privs_to (const char *user, const char *group) { uid_t uid; gid_t gid; struct passwd *pw; struct group *gr; if (0 != getuid ()) return; /* not running as root to begin with; should (!) be harmless to continue without dropping to 'nobody' (setting time will fail in the end) */ pw = getpwnam(user); gr = getgrnam(group); if (NULL == pw) die ("Failed to obtain UID for `%s'\n", user); if (NULL == gr) die ("Failed to obtain GID for `%s'\n", group); uid = pw->pw_uid; if (0 == uid) die ("UID for `%s' is 0, refusing to run SSL\n", user); gid = pw->pw_gid; if (0 == gid || 0 == gr->gr_gid) die ("GID for `%s' is 0, refusing to run SSL\n", user); if (pw->pw_gid != gr->gr_gid) die ("GID for `%s' is not `%s' as expected, refusing to run SSL\n", user, group); if (0 != initgroups((const char *)user, gr->gr_gid)) die ("Unable to initgroups for `%s' in group `%s' as expected\n", user, group); #ifdef HAVE_SETRESGID if (0 != setresgid (gid, gid, gid)) die ("Failed to setresgid: %s\n", strerror (errno)); #else if (0 != (setgid (gid) | setegid (gid))) die ("Failed to setgid: %s\n", strerror (errno)); #endif #ifdef HAVE_SETRESUID if (0 != setresuid (uid, uid, uid)) die ("Failed to setresuid: %s\n", strerror (errno)); #else if (0 != (setuid (uid) | seteuid (uid))) die ("Failed to setuid: %s\n", strerror (errno)); #endif } pid_t wait_with_timeout(int *status, int timeout_secs) { int st = 0; pid_t exited; /* synthesize waiting with a timeout by using a helper process. We * launch a child process that will exit in |timeout_secs|, guaranteeing * that wait() will return by then. */ pid_t helper = fork(); if (helper < 0) return helper; if (helper == 0) { sleep(timeout_secs); exit(0); } /* use temporary status to avoid touching it if we do ETIMEDOUT */ exited = wait(&st); if (exited == helper) /* helper exited before any other child did */ return -ETIMEDOUT; /* a real child process exited - don't leak the helper */ kill(helper, SIGKILL); waitpid(helper, NULL, 0); *status = st; return exited; } #ifdef ENABLE_RTC struct rtc_handle { int fd; }; void *rtc_open() { struct rtc_handle *h = malloc(sizeof *h); h->fd = open(DEFAULT_RTC_DEVICE, O_RDONLY); if (h->fd < 0) { pinfo("can't open rtc"); free(h); return NULL; } return h; } int rtc_write(void *handle, const struct timeval *tv) { struct tm tmr; struct tm *tm; struct rtc_time rtctm; int fd = ((struct rtc_handle *)handle)->fd; tm = gmtime_r (&tv->tv_sec, &tmr); /* these structs are identical, but separately defined */ rtctm.tm_sec = tm->tm_sec; rtctm.tm_min = tm->tm_min; rtctm.tm_hour = tm->tm_hour; rtctm.tm_mday = tm->tm_mday; rtctm.tm_mon = tm->tm_mon; rtctm.tm_year = tm->tm_year; rtctm.tm_wday = tm->tm_wday; rtctm.tm_yday = tm->tm_yday; rtctm.tm_isdst = tm->tm_isdst; if (ioctl (fd, RTC_SET_TIME, &rtctm)) { pinfo ("ioctl(%d, RTC_SET_TIME, ...) failed", fd); return 1; } info ("synced rtc to sysclock"); return 0; } int rtc_read(void *handle, struct timeval *tv) { struct tm tm; struct rtc_time rtctm; int fd = ((struct rtc_handle *)handle)->fd; if (ioctl (fd, RTC_RD_TIME, &rtctm)) { pinfo ("ioctl(%d, RTC_RD_TIME, ...) failed", fd); return 1; } tm.tm_sec = rtctm.tm_sec; tm.tm_min = rtctm.tm_min; tm.tm_hour = rtctm.tm_hour; tm.tm_mday = rtctm.tm_mday; tm.tm_mon = rtctm.tm_mon; tm.tm_year = rtctm.tm_year; tm.tm_wday = rtctm.tm_wday; tm.tm_yday = rtctm.tm_yday; tm.tm_isdst = rtctm.tm_isdst; tv->tv_sec = mktime(&tm); tv->tv_usec = 0; return 0; } int rtc_close(void *handle) { struct rtc_handle *h = handle; close(h->fd); free(h); return 0; } #endif int file_write(const char *path, void *buf, size_t sz) { char tmp[PATH_MAX]; int oflags = O_WRONLY | O_CREAT | O_NOFOLLOW | O_TRUNC; int perms = S_IRUSR | S_IWUSR; int fd; if (snprintf(tmp, sizeof(tmp), path, kTempSuffix) >= sizeof(tmp)) { pinfo("path %s too long to use", path); exit(1); } if ((fd = open(tmp, oflags, perms)) < 0) { pinfo("open(%s) failed", tmp); return 1; } if (write(fd, buf, sz) != sz) { pinfo("write() failed"); close(fd); return 1; } if (close(fd)) { pinfo("close() failed"); return 1; } if (rename(tmp, path)) { pinfo("rename() failed"); return 1; } return 0; } int file_read(const char *path, void *buf, size_t sz) { int fd = open(path, O_RDONLY | O_NOFOLLOW); if (fd < 0) { pinfo("open(%s) failed", path); return 1; } if (read(fd, buf, sz) != sz) { pinfo("read() failed"); close(fd); return 1; } return close(fd); } int time_get(struct timeval *tv) { return gettimeofday(tv, NULL); } int pgrp_enter(void) { return setpgid(0, 0); } int pgrp_kill(void) { pid_t grp = getpgrp(); return kill(-grp, SIGKILL); } static struct platform default_platform = { #ifdef ENABLE_RTC .rtc_open = rtc_open, .rtc_write = rtc_write, .rtc_read = rtc_read, .rtc_close = rtc_close, #endif .file_write = file_write, .file_read = file_read, .time_get = time_get, .pgrp_enter = pgrp_enter, .pgrp_kill = pgrp_kill }; struct platform *platform = &default_platform; tlsdate-0.0.7/src/util.h000066400000000000000000000035221230412117200150660ustar00rootroot00000000000000/* * util.h - routeup/tlsdated utility functions * Copyright (c) 2012 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #ifndef UTIL_H #define UTIL_H #include #include #include #include #ifdef TARGET_OS_HAIKU #include #endif #define API __attribute__((visibility("default"))) extern const char *kTempSuffix; extern int verbose; extern int verbose_debug; void die (const char *fmt, ...); void verb (const char *fmt, ...); void verb_debug (const char *fmt, ...); extern void logat(int isverbose, const char *fmt, ...); #define info(fmt, ...) logat(1, fmt, ## __VA_ARGS__) #define pinfo(fmt, ...) logat(1, fmt ": %s", ## __VA_ARGS__, strerror(errno)) #define error(fmt, ...) logat(0, fmt, ## __VA_ARGS__) #define perror(fmt, ...) logat(0, fmt ": %s", ## __VA_ARGS__, strerror(errno)) #define fatal(fmt, ...) do { logat(0, fmt, ## __VA_ARGS__); exit(1); } while (0) #define pfatal(fmt, ...) do { \ logat(0, fmt ": %s", ## __VA_ARGS__, strerror(errno)); \ exit(1); \ } while (0) static inline int min(int x, int y) { return x < y ? x : y; } void drop_privs_to (const char *user, const char *group); /* like wait(), but with a timeout. Returns ordinary fork() error codes, or * ETIMEDOUT. */ pid_t wait_with_timeout(int *status, int timeout_secs); struct platform { void *(*rtc_open)(void); int (*rtc_write)(void *handle, const struct timeval *tv); int (*rtc_read)(void *handle, struct timeval *tv); int (*rtc_close)(void *handle); int (*file_write)(const char *path, void *buf, size_t sz); int (*file_read)(const char *path, void *buf, size_t sz); int (*time_get)(struct timeval *tv); int (*pgrp_enter)(void); int (*pgrp_kill)(void); }; extern struct platform *platform; #endif /* !UTIL_H */ tlsdate-0.0.7/src/visibility.h000066400000000000000000000056621230412117200163070ustar00rootroot00000000000000/* vim:expandtab:shiftwidth=2:tabstop=2:smarttab: * * Copyright (C) 2012 Brian Aker, brian@tangent.org * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are * met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * * Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following disclaimer * in the documentation and/or other materials provided with the * distribution. * * * The names of its contributors may not be used to endorse or * promote products derived from this software without specific prior * written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ #pragma once #if defined(BUILDING_TLSDATE) # if defined(HAVE_VISIBILITY) && HAVE_VISIBILITY # define TLSDATE_API __attribute__ ((visibility("default"))) # define TLSDATE_LOCAL __attribute__ ((visibility("default"))) # elif defined (__SUNPRO_C) && (__SUNPRO_C >= 0x550) # define TLSDATE_API __global # define TLSDATE_LOCAL __global # elif defined(_MSC_VER) # define TLSDATE_API extern __declspec(dllexport) # define TLSDATE_LOCAL extern __declspec(dllexport) # else # define TLSDATE_API # define TLSDATE_LOCAL # endif #else # if defined(BUILDING_TLSDATE) # if defined(HAVE_VISIBILITY) && HAVE_VISIBILITY # define TLSDATE_API __attribute__ ((visibility("default"))) # define TLSDATE_LOCAL __attribute__ ((visibility("hidden"))) # elif defined (__SUNPRO_C) && (__SUNPRO_C >= 0x550) # define TLSDATE_API __global # define TLSDATE_LOCAL __hidden # elif defined(_MSC_VER) # define TLSDATE_API extern __declspec(dllexport) # define TLSDATE_LOCAL # else # define TLSDATE_API # define TLSDATE_LOCAL # endif /* defined(HAVE_VISIBILITY) */ # else /* defined(BUILDING_TLSDATE) */ # if defined(_MSC_VER) # define TLSDATE_API extern __declspec(dllimport) # define TLSDATE_LOCAL # else # define TLSDATE_API # define TLSDATE_LOCAL # endif /* defined(_MSC_VER) */ # endif /* defined(BUILDING_TLSDATE) */ #endif /* defined(BUILDING_TLSDATEINTERNAL) */ tlsdate-0.0.7/test.conf000066400000000000000000000000611230412117200147720ustar00rootroot00000000000000min-steady-state-interval 0 wait-between-tries 1 tlsdate-0.0.7/tests/000077500000000000000000000000001230412117200143115ustar00rootroot00000000000000tlsdate-0.0.7/tests/README000066400000000000000000000000501230412117200151640ustar00rootroot00000000000000Integration tests for tlsdate/tlsdated. tlsdate-0.0.7/tests/common.sh000066400000000000000000000005051230412117200161350ustar00rootroot00000000000000#!/bin/sh kill_tlsdated() { kill -TERM $PPID } passed() { kill_tlsdated echo "ok" } failed() { kill_tlsdated echo "failed" } mydir() { echo "$(dirname "$0")" } counter() { cat "$(mydir)"/"$1" } inc_counter() { c=$(counter "$1") echo $((c + 1)) >"$(mydir)"/"$1" } reset_counter() { echo 0 > "$(mydir)"/"$1" } tlsdate-0.0.7/tests/run-idle/000077500000000000000000000000001230412117200160305ustar00rootroot00000000000000tlsdate-0.0.7/tests/run-idle/input000066400000000000000000000000001230412117200171000ustar00rootroot00000000000000tlsdate-0.0.7/tests/run-idle/output000066400000000000000000000000031230412117200173040ustar00rootroot00000000000000ok tlsdate-0.0.7/tests/run-idle/runs000066400000000000000000000000021230412117200167320ustar00rootroot000000000000002 tlsdate-0.0.7/tests/run-idle/setup000077500000000000000000000001011230412117200171060ustar00rootroot00000000000000#!/bin/sh . "$(dirname "$0")"/../common.sh reset_counter "runs" tlsdate-0.0.7/tests/run-idle/subproc.sh000077500000000000000000000001501230412117200200400ustar00rootroot00000000000000#!/bin/sh . "$(dirname $0)"/../common.sh inc_counter "runs" c=$(counter "runs") [ $c -eq 2 ] && passed tlsdate-0.0.7/tests/run-idle/teardown000066400000000000000000000001011230412117200175660ustar00rootroot00000000000000#!/bin/sh . "$(dirname "$0")"/../common.sh reset_counter "runs" tlsdate-0.0.7/tests/run-idle/test.conf000066400000000000000000000000641230412117200176560ustar00rootroot00000000000000min-steady-state-interval 0 steady-state-interval 2 tlsdate-0.0.7/tests/run-once/000077500000000000000000000000001230412117200160375ustar00rootroot00000000000000tlsdate-0.0.7/tests/run-once/input000066400000000000000000000000001230412117200171070ustar00rootroot00000000000000tlsdate-0.0.7/tests/run-once/output000066400000000000000000000000031230412117200173130ustar00rootroot00000000000000ok tlsdate-0.0.7/tests/run-once/run-error000066400000000000000000000000071230412117200177120ustar00rootroot00000000000000Killed tlsdate-0.0.7/tests/run-once/subproc.sh000077500000000000000000000001021230412117200200440ustar00rootroot00000000000000#!/bin/sh . "$(dirname $0)"/../common.sh echo "ok" kill_tlsdated tlsdate-0.0.7/tests/run-routeup/000077500000000000000000000000001230412117200166165ustar00rootroot00000000000000tlsdate-0.0.7/tests/run-routeup/input000066400000000000000000000000021230412117200176700ustar00rootroot00000000000000u tlsdate-0.0.7/tests/run-routeup/output000066400000000000000000000000031230412117200200720ustar00rootroot00000000000000ok tlsdate-0.0.7/tests/run-routeup/runs000066400000000000000000000000021230412117200175200ustar00rootroot000000000000002 tlsdate-0.0.7/tests/run-routeup/setup000077500000000000000000000001011230412117200176740ustar00rootroot00000000000000#!/bin/sh . "$(dirname "$0")"/../common.sh reset_counter "runs" tlsdate-0.0.7/tests/run-routeup/subproc.sh000077500000000000000000000001501230412117200206260ustar00rootroot00000000000000#!/bin/sh . "$(dirname $0)"/../common.sh inc_counter "runs" c=$(counter "runs") [ $c -eq 2 ] && passed tlsdate-0.0.7/tests/run-routeup/teardown000066400000000000000000000001011230412117200203540ustar00rootroot00000000000000#!/bin/sh . "$(dirname "$0")"/../common.sh reset_counter "runs" tlsdate-0.0.7/tests/subproc-retry/000077500000000000000000000000001230412117200171315ustar00rootroot00000000000000tlsdate-0.0.7/tests/subproc-retry/input000066400000000000000000000000021230412117200202030ustar00rootroot00000000000000a tlsdate-0.0.7/tests/subproc-retry/output000066400000000000000000000000171230412117200204120ustar00rootroot00000000000000dying dying ok tlsdate-0.0.7/tests/subproc-retry/runs000066400000000000000000000000021230412117200200330ustar00rootroot000000000000003 tlsdate-0.0.7/tests/subproc-retry/setup000077500000000000000000000001011230412117200202070ustar00rootroot00000000000000#!/bin/sh . "$(dirname "$0")"/../common.sh reset_counter "runs" tlsdate-0.0.7/tests/subproc-retry/subproc.sh000077500000000000000000000002321230412117200211420ustar00rootroot00000000000000#!/bin/sh . "$(dirname $0)"/../common.sh inc_counter "runs" if [ $(counter "runs") -lt 3 ]; then echo "dying" echo "$$" >> /tmp/pidz exit 1 fi passed tlsdate-0.0.7/tests/subproc-retry/teardown000066400000000000000000000001011230412117200206670ustar00rootroot00000000000000#!/bin/sh . "$(dirname "$0")"/../common.sh reset_counter "runs" tlsdate-0.0.7/tests/wait-idle/000077500000000000000000000000001230412117200161705ustar00rootroot00000000000000tlsdate-0.0.7/tests/wait-idle/input000066400000000000000000000000001230412117200172400ustar00rootroot00000000000000tlsdate-0.0.7/tests/wait-idle/output000066400000000000000000000000001230412117200174410ustar00rootroot00000000000000tlsdate-0.0.7/tests/wait-idle/subproc.sh000066400000000000000000000001511230412117200201760ustar00rootroot00000000000000#!/bin/sh . "$(dirname $0)"/../common.sh inc_counter "runs" c=$(counter "runs") [ $c -eq 2 ] && failed tlsdate-0.0.7/tlsdate-brew-formula.rb000066400000000000000000000014161230412117200175360ustar00rootroot00000000000000require 'formula' class Tlsdate < Formula homepage 'https://www.github.com/ioerror/tlsdate/' url 'https://nodeload.github.com/ioerror/tlsdate/tar.gz/master' # This hash will never be correct until we put a tagged version into master # update accordingly until we do a proper release that supports OS X sha1 '2e818eb327af74c6a6c86a8c8b3911e20be9bc0f' version '0.0.6' depends_on 'autoconf' => :build depends_on 'automake' => :build depends_on 'libtool' => :build depends_on 'pkg-config' => :build def install system "./autogen.sh" system "./configure", "--disable-debug", "--disable-dependency-tracking", "--prefix=#{prefix}" system "make" system "make install" end def test system "tlsdate -v -n" end end tlsdate-0.0.7/tlsdate-seccomp-amd64.policy000066400000000000000000000013311230412117200203660ustar00rootroot00000000000000mmap: 1 open: 1 read: 1 close: 1 fstat: 1 mprotect: 1 munmap: 1 stat: 1 write: 1 lseek: 1 brk: 1 fcntl: 1 execve: 1 sendto: 1 # Allow domain == PF_FILE || domain == PF_INET || domain == PF_NETLINK socket: arg0 == 1 || arg0 == 2 || arg0 == 16 connect: 1 poll: 1 access: 1 arch_prctl: 1 wait4: 1 rt_sigaction: 1 exit_group: 1 rt_sigprocmask: 1 clone: 1 # Allow request == RTC_SET_TIME || request == FIONREAD ioctl: arg1 == 0x4024700a || arg1 == 0x541b getuid: 1 exit: 1 rt_sigreturn: 1 rename: 1 select: 1 setgid: 1 settimeofday: 1 restart_syscall: 1 setresgid: 1 setgroups: 1 setsockopt: 1 bind: 1 recvfrom: 1 setresuid: 1 nanosleep: 1 clock_gettime: 1 clock_settime: 1 futex: 1 getrlimit: 1 set_robust_list: 1 set_tid_address: 1 tlsdate-0.0.7/tlsdate-seccomp-arm.policy000066400000000000000000000014111230412117200202310ustar00rootroot00000000000000open: 1 read: 1 mmap2: 1 stat64: 1 close: 1 fstat64: 1 _newselect: 1 mprotect: 1 munmap: 1 gettimeofday: 1 _llseek: 1 write: 1 rt_sigprocmask: 1 brk: 1 execve: 1 fcntl64: 1 rt_sigaction: 1 send: 1 poll: 1 # Allow domain == PF_FILE || domain == PF_INET || domain == PF_NETLINK socket: arg0 == 1 || arg0 == 2 || arg0 == 16 uname: 1 connect: 1 access: 1 ARM_set_tls: 1 wait4: 1 exit_group: 1 getuid32: 1 clone: 1 # Allow request == RTC_SET_TIME || request == FIONREAD ioctl: arg1 == 0x4024700a || arg1 == 0x541b setgid32: 1 recvfrom: 1 setresuid32: 1 setgroups32: 1 settimeofday: 1 restart_syscall: 1 setsockopt: 1 setresgid32: 1 nanosleep: 1 exit: 1 rt_sigreturn: 1 rename: 1 bind: 1 clock_gettime: 1 clock_settime: 1 futex: 1 ugetrlimit: 1 set_robust_list: 1 set_tid_address: 1 tlsdate-0.0.7/tlsdate-seccomp-x86.policy000066400000000000000000000012231230412117200201000ustar00rootroot00000000000000open: 1 mmap2: 1 read: 1 close: 1 fstat64: 1 stat64: 1 munmap: 1 mprotect: 1 time: 1 socketcall: 1 _llseek: 1 brk: 1 write: 1 execve: 1 fcntl64: 1 gettimeofday: 1 poll: 1 access: 1 set_thread_area: 1 waitpid: 1 exit_group: 1 rt_sigprocmask: 1 getuid32: 1 clone: 1 rt_sigaction: 1 # Allow request == RTC_SET_TIME || request == FIONREAD ioctl: arg1 == 0x4024700a || arg1 == 0x541b setgid32: 1 setgroups32: 1 setresuid32: 1 settimeofday: 1 restart_syscall: 1 setresgid32: 1 nanosleep: 1 exit: 1 rt_sigreturn: 1 rename: 1 select: 1 _newselect: 1 clock_gettime: 1 clock_settime: 1 futex: 1 getrlimit: 1 ugetrlimit: 1 set_robust_list: 1 set_tid_address: 1 uname: 1 tlsdate-0.0.7/tlsdated.service000066400000000000000000000001521230412117200163330ustar00rootroot00000000000000[Unit] Description=Secure parasitic rdate replacement [Service] ExecStart=/usr/bin/tlsdated Type=forking